PowerShell to read eventviewer security log

Saran 26 Reputation points
2022-12-01T09:43:51.78+00:00

Hi All,

Would like to get - "Event ID, Computer Name, Account Name, Source Network Address, Logged" from PowerShell. Since I see lot of login attack to our server.
Any anyone help to share some code to export as csv

266125-login-fail.jpg

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,580 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Olaf Helper 45,371 Reputation points
    2022-12-01T10:00:37.47+00:00

    For this you can use the CmdLet Get-EventLog

    0 comments No comments

  2. Saran 26 Reputation points
    2022-12-01T12:44:26.627+00:00

    I have tried simple one but did not get login Account name

    get-eventlog security | where-object {$_.EventID -eq "4625"} | select TimeGenerated,UserName |fl

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.