Getting System Log Information with Eventquery.vbs

Posted on Fri 24 February 2012 in Things I Use (IT)

Reference: http://technet.microsoft.com/zh-cn/68672494-7700-4cbf-8392-4b6ef87b8749

Description: The EventQuery.vbs script lets administrators list events and event properties from one or more event logs.

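Sample:

- Microsoft Security Client from the command line

      rem File or folder to scan
      set Scan_File=x:....
      rem Path to the MpCmdRun command-line tool
      set MSC_CMD="%ProgramFiles%\Microsoft Security Client\Antimalware\MpCmdRun"
      rem ScanType 3 is a custom scan of the path given after -file
      set MSC_CMD=%MSC_CMD% -scan -ScanType 3 -SignatureUpdate -UNC -file
      %MSC_CMD% %Scan_File%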

  • output

        Scan starting...
        Scan finished.
        Scanning x:.... found 1 threats.
        Cleaning started...
        Cleaning finished.

  • Get the details from the event log

        eventquery /l system /fi "Datetime gt 02/24/2012,5:00:00PM" /fi "Type eq Warning" /v

  • output

        ...
        Microsoft Antimalware 已检测到...
        有关详细信息,请参阅以下信息:
        http://go.microsoft.com/...
        名称: Barbon:Galaxy/Centaurus
        ID: 2046
        严重性: LevelX
        类别: Superman
        路径: containerfile:...
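The query above returns every warning in the System log since the given time, so the antimalware detections still have to be picked out and their fields read. The following is an added example, not part of the original post: a small Python parser for the detection description shown above. The function names, the English keys and the sample strings are assumptions made for this example; the samples are constructed from the page's output.

```python
import re

# Field labels as they appear in the zh-CN message shown above, mapped to
# English keys chosen for this example (the keys are not part of any API).
LABELS = {"名称": "name", "ID": "id", "严重性": "severity",
          "类别": "category", "路径": "path"}

# A label counts only at the start of the text or after whitespace, so a colon
# inside a value ("Barbon:Galaxy/Centaurus", "containerfile:...") is not a
# split point. Both ASCII and full-width colons are accepted.
_LABEL_RE = re.compile(
    r"(?<!\S)(" + "|".join(map(re.escape, LABELS)) + r")\s*[:：]\s*")


def parse_detection(message):
    """Return the labelled fields of one event description as a dict."""
    fields = {}
    hits = list(_LABEL_RE.finditer(message))
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(message)
        # Keep the first occurrence if a label is repeated.
        fields.setdefault(LABELS[hit.group(1)], message[hit.end():end].strip())
    return fields


def detections(messages, source="Microsoft Antimalware"):
    """Keep only antimalware detections; "Type eq Warning" matches any warning."""
    found = []
    for message in messages:
        fields = parse_detection(message) if source in message else {}
        if "name" in fields and "path" in fields:
            found.append(fields)
    return found


# Constructed sample descriptions: the page's output on one line and on
# separate lines, plus an unrelated warning that the same filter would return.
ONE_LINE = ("Microsoft Antimalware 已检测到... 有关详细信息,请参阅以下信息: "
            "http://go.microsoft.com/... 名称: Barbon:Galaxy/Centaurus ID: 2046 "
            "严重性: LevelX 类别: Superman 路径: containerfile:...")
MULTI_LINE = ONE_LINE
for _label in LABELS:
    MULTI_LINE = MULTI_LINE.replace(" " + _label, "\n" + _label)
UNRELATED = "Constructed warning from another source. ID: 36"

if __name__ == "__main__":
    for row in detections([ONE_LINE, UNRELATED, MULTI_LINE]):
        print(row)
```

The labels are the localized ones from this page's output; a system in another display language would need its own label table.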