Hi,
I'm trying to query the Event Viewer Security log for an event that has an object type "Computer". I can't find the object type property anywhere. Any idea, please?
Get-WinEvent -LogName security | Select-Object -Property *
@Bonus12 That's what the editing in MS Q&A does when it spots a "$" followed by a "_" -- it removes the "_" when code is posted as text. Using the "Code Sample" avoids that. BTW the same problem existed on the "Add-Member" line.
Here's what the code should look like:
$ArrayList = New-Object System.Collections.ArrayList
Get-WinEvent -logname security -FilterXPath "*[System[EventID=4907]]" -MaxEvents 10 |
    ForEach-Object{
        $XML = [xml]$_.toXml()
        $PsObject = New-Object psobject
        $XML.Event.EventData.Data |
            ForEach-Object{
                $PsObject |
                    Add-Member -MemberType NoteProperty -Name $_.Name -Value $_."#text"
            }
        $ArrayList.add($PsObject) | out-null
    }
$ArrayList | Select-Object *
Hi @Bonus12,
This post describes how you can obtain the Object Type:
https://stackoverflow.com/questions/54406245/how-to-get-powershell-get-winevent-security-message-access-mask-that-mat
From the above link I modified it as an example on how to get a specific event ID's Object Type:
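$ArrayList = New-Object System.Collections.ArrayList
# Read the 10 most recent 4907 events from the Security log
Get-WinEvent -logname security -FilterXPath "*[System[EventID=4907]]" -MaxEvents 10 | %{
    # The named fields (ObjectType, ObjectName, ...) are only available in the event XML
    $XML = [xml]$_.toXml()
    $PsObject = New-Object psobject
    # Turn every <Data Name="..."> element into a property of the same name
    $XML.Event.EventData.Data | %{
        $PsObject | Add-Member -MemberType NoteProperty -Name $_.Name -Value $_."#text"
    }
    $ArrayList.add($PsObject) | out-null
}
$ArrayList | Select *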
Example output:

You can modify the script as per your own needs.
If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!
Best regards,
Leon
Thank you @LeonLaude, but when I run it I get an error at line 3 char:13
unexpected token '$.toxml' in expression or statement.
I think you meant $_.toxml()
I thought I had put the code in a "code sample", but now I've modified it to reflect better.
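Building on the answers above, here is an added example (not part of the original thread) that turns each event's EventData into an object and keeps only the events whose ObjectType matches a chosen value. The sample XML, the helper names New-SampleEventXml and ConvertFrom-EventDataXml, and the value 'File' are assumptions made for illustration.

```powershell
# Constructed sample events in the Security-log XML shape (not real log data),
# so the example runs without access to a live Security log.
function New-SampleEventXml([string]$ObjectType, [string]$ObjectName) {
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
    "<System><EventID>4907</EventID></System><EventData>" +
    "<Data Name='ObjectType'>$ObjectType</Data>" +
    "<Data Name='ObjectName'>$ObjectName</Data>" +
    "<Data Name='ProcessName' /></EventData></Event>"
}

# Hypothetical helper: flattens the <Data Name="..."> elements of one event
# into a single object, so ObjectType becomes an ordinary property.
function ConvertFrom-EventDataXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc   = [xml]$Xml
        $props = [ordered]@{}
        foreach ($d in $doc.GetElementsByTagName('Data')) {
            $name = $d.GetAttribute('Name')
            # InnerText is an empty string for empty elements, where "#text" is absent
            if ($name) { $props[$name] = $d.InnerText }
        }
        [pscustomobject]$props
    }
}

$wanted = 'File'   # assumption: replace with the ObjectType value your events carry

$samples = @(
    New-SampleEventXml -ObjectType 'File' -ObjectName 'C:\Temp\report.docx'
    New-SampleEventXml -ObjectType 'Key'  -ObjectName '\REGISTRY\MACHINE\SOFTWARE\Example'
)

# Client-side filter on the parsed property
$samples | ConvertFrom-EventDataXml |
    Where-Object ObjectType -eq $wanted |
    Format-List

# Against a live log (needs an elevated session), the same filter can run inside
# the XPath query so that only matching events are returned:
# $xpath = "*[System[EventID=4907] and EventData[Data[@Name='ObjectType']='$wanted']]"
# Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 10 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-EventDataXml
```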