Dpitt1968
Reputation: 109
Powershell, command line and event logs
We added the following to the powershell profile in an effort to collect what's typed in the command line.
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true
But how do I get the info from here, I'm looking for what's typed in the command line into the powershell console -
$event = Get-WinEvent -FilterHashtable @{logname=’Windows Powershell'; id=500} -MaxEvents 1
$Event.Message
gives me the info but all I want is the last line "CommandLine"
Details:
NewCommandState=Started
SequenceNumber=313
HostName=Windows PowerShell ISE Host
HostVersion=4.0
HostId=6fda55e7-4366-4719-ad59-8962eda1521f
EngineVersion=4.0
RunspaceId=e82c8130-1c67-4d61-b513-9ac55bc148ba
PipelineId=52
CommandName=Get-WinEvent
CommandType=Cmdlet
ScriptName=
CommandPath=
CommandLine=$event = Get-WinEvent -FilterHashtable @{logname=’Windows Powershell'; id=500} -MaxEvents 1
Any suggestions?
Upvotes: 0
Views: 494
Answers (1)
Mathias R. Jessen
Reputation: 174445
The Message property is one multi-line string, I would split it by newlines and select the last one:
$Event.Message -split "`r?`n" |Select-Object -Last 1
Upvotes: 1
Related Questions
- PowerShell says "execution of scripts is disabled on this system."
- Setting Windows PowerShell environment variables
- How to run a PowerShell script
- Determine installed PowerShell version
- How to handle command-line arguments in PowerShell
- How to enter a multi-line command
- How do I concatenate strings and variables in PowerShell?
- How do you comment out code in PowerShell?
- Powershell command line logs - what is 'prompt'
- Powershell - Query event 4688 for command line text