0

我在写入 TXT 文件时遇到了写入 get-eventlog 函数的问题。

这是我的 LogWrite 函数:

#Log Function
$Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
$Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

Function LogWrite
{
   Param ([string]$logstring)
   Add-content $Logfile -value $Stamp": "$logstring -Force
}

这是我的部分脚本中的 LogWrite 代码。

$OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

LogWrite $OutlookHangDetailed | Format-List

我遇到的问题是它在 txt 文件中像这样出现:Microsoft.PowerShell.Commands.GenericMeasureInfo

但如果我只是简单地回应它,它就会像这样(这是一个例子):

Index              : 2568
EntryType          : Information
InstanceId         : 15
Message            : Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_ON.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {Symantec Endpoint Protection, SECURITY_PRODUCT_STATE_ON}
Source             : SecurityCenter
TimeGenerated      : 3/15/2017 7:46:02 AM
TimeWritten        : 3/15/2017 7:46:02 AM

我怎样才能让这个以这种方式写入日志?

4

3 回答 3

1
  • 您的日志功能没有输出。你没有用管道输送任何东西Format-List
  • $OutlookHangDetailed将是 的对象数组[System.Diagnostics.EventLogEntry]。你可以用 . 把它变成一个字符串$logstring | fl | out-string。直接转换为字符串不会为您提供所需的输出。
$Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
$Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

Function LogWrite {
        Param (
            [System.Diagnostics.EventLogEntry[]]$logstring,
            [string]$Logfile,
            [string]$Stamp
        )


        $logentry = "$($Stamp):$($logstring | fl | out-string)"
        Add-Content $Logfile -value $logentry -Force
        $logentry
    }

$OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

LogWrite $OutlookHangDetailed $Logfile $Stamp
于 2017-03-15T20:45:16.143 回答
0 
Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue >> "..\Logs\$(gc env:computername)_Outlook.log"

这将按预期工作

于 2017-03-15T19:54:55.963 回答
0

也许是这样的:

    Function LogWrite
    {
       param (
         $logstring
       )

       $Stamp | Out-File -Encoding UTF8 -FilePath $Logfile -Append -Force
       ($logstring | Format-List) | Out-File -Encoding UTF8 -FilePath $Logfile -Width 1024 -Append -Force
    }

并使用以下命令调用您的函数:

    LogWrite $OutlookHangDetailed
于 2017-03-15T21:32:07.180 回答