Reputation: 333
Selecting node with Data name in powershell
I have xml file generated from server log, which contains nodes. These nodes can look both like <Version>0</Version> and <Data Name="LogonType">3</Data>. I have xml loaded into $xmlData variable. When I try to access former, $xmlData.Event.System.Version it displays 0(=correct). But if I try to do that with latter, $xmlData.Event.EventData.LogonType, it does not display anything. How does one access the latter?
I did put the variable with loaded xml into foreach and cycled over it to find out names of the objects which it creates for foreach, so the name of the latter should be correct. This way you can get the data from it. How do you get data from the latter directly?
I have included an example of my xml file, but I was unable to format it into viewer friendly form(not one long line, enter broke the code).
<Event><System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}"/><EventID>4624</EventID><Version>0</Version><Level>0</Level><Task>12544</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="2018-04-18T04:51:55.703563800Z"/><EventRecordID>585</EventRecordID><Correlation/><Execution ProcessID="640" ThreadID="5608"/><Channel>Security</Channel><Computer>Computer name</Computer><Security/></System><EventData><Data Name="SubjectUserSid">S-1-0-0</Data><Data Name="SubjectUserName">-</Data><Data Name="SubjectDomainName">-</Data><Data Name="SubjectLogonId">0x0</Data><Data Name="TargetUserSid">user-id</Data><Data Name="TargetUserName">UserAcc</Data><Data Name="TargetDomainName">DomainName</Data><Data Name="TargetLogonId">tlogId</Data><Data Name="LogonType">3</Data><Data Name="LogonProcessName">Nt </Data><Data Name="AuthenticationPackageName">NTLM</Data><Data Name="WorkstationName">WorkstationName</Data><Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data><Data Name="TransmittedServices">-</Data><Data Name="LmPackageName">NTLM V2</Data><Data Name="KeyLength">keyL</Data><Data Name="ProcessId">0x0</Data><Data Name="ProcessName">-</Data><Data Name="IpAddress">IpAddress</Data><Data Name="IpPort">IpPort</Data></EventData></Event>
Upvotes: 0
Views: 404
Answers (1)
Reputation: 780
"LogonType" is an attribute value, you can not access it like a node or an attribute.
If I understood the question correctly, you can use pipe and filter to read the value of the node data which name attribute value is "logontype" (tested with PowerShell 5) :
$xml = [xml]@"...your xml.."
$xml.Event.EventData.Data | ? Name -eq LogonType | % innertext
# output 3
Upvotes: 1
Related Questions
- selecting specific node with xpath in powershell
- How do I get a specific XML node in Powershell
- Powershell Select node by String value
- How-To select elements from my XML-file in powershell
- How can I select specific XML nodes in Powershell from multiple node values?
- Powershell XML select node with particular value
- Select specific node properties
- Getting values from all nodes with specific name from XML
- Identifying a particular node in XML using PowerShell
- How to select a single node from an Xml Document in Powershell where the XPath contains a variable?