Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/powershell/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
如何从Powershell中的for each循环写入到宿主唯一结果列表?_Powershell - Fatal编程技术网
Fatal编程技术网
  • powershell/
  • 如何从Powershell中的for each循环写入到宿主唯一结果列表?

如何从Powershell中的for each循环写入到宿主唯一结果列表?

powershell

如何从Powershell中的for each循环写入到宿主唯一结果列表?,powershell,Powershell,在下面的代码中,我得到了一个重复值的列表。我试图为每一个重复的行只有一行,不同的 代码如下: # Find DC list from Active Directory $DCs = Get-ADDomainController -Filter * # Define time for report (default is 1 day) $startDate = (get-date).AddDays(-1) # Store successful logon events from securit

在下面的代码中,我得到了一个重复值的列表。我试图为每一个重复的行只有一行,不同的

代码如下:

# Find DC list from Active Directory
$DCs = Get-ADDomainController -Filter *

# Define time for report (default is 1 day)
$startDate = (get-date).AddDays(-1)

# Store successful logon events from security logs with the specified dates and workstation/IP in an array
foreach ($DC in $DCs){
$slogonevents = Get-Eventlog -LogName Security -ComputerName $DC.HostName  -after $startDate -InstanceId 4624 | where {$_.ReplacementStrings[5].ToLower() -eq "administrator"}

# Crawl through events; print all logon history with type, date/time, status, account name, computer and IP address if user logged on remotely

  foreach ($e in $slogonevents){            
    if ($e.EventID -eq 4624 -and $e.ReplacementStrings[8] -In 3..10){            
      if([ipaddress]::TryParse($e.ReplacementStrings[18],[ref][ipaddress]::Loopback))
      {
        $type = $e.ReplacementStrings[8]
        $ip = $e.ReplacementStrings[18]
        $hostname=([system.net.dns]::GetHostByAddress($ip)).HostName

        write-host "Type:" $type "`tIP Address: " $ip  "`tHost Name: " $hostname             
      }
    }
  }
} Get-Unique #this does not work, also tried Unique
我得到一个类似于以下的输出

Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH
Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
我想得到:

Type: 3  IP Address: 192.168.1.1 Host Name: ABCD
Type: 3  IP Address: 192.168.1.2 Host Name: EFGH
我认为,您没有获得唯一值的原因是您正在foreach循环中写入主机,在唯一值之前。基本上是在它知道什么是独一无二之前就把它们写出来

我要做的是创建一个PSCustomObject并在foreach中分配它。这将允许您稍后使用| Select-Unique调用它

正是我所寻找的,我将$report=@行移动到第一个for循环,以防与DCs重复,从而对其进行了更多的改进。您可以在回答中修复它。将其移动到ForEach中根据我的理解,您应该从GetHostByAddress$ip.HostName中删除$ip,因为在此阶段尚未创建ip变量。我更新了它,用$e.ReplacementSTrings来查找它[18] 
# Find DC list from Active Directory
$DCs = Get-ADDomainController -Filter *

# Define time for report (default is 1 day)
$startDate = (get-date).AddDays(-1)

# Store successful logon events from security logs with the specified dates and workstation/IP in an array
foreach ($DC in $DCs){
$slogonevents = Get-Eventlog -LogName Security  -after $startDate -InstanceId 4624 | where {$_.ReplacementStrings[5].ToLower() -eq "administrator"}

# Crawl through events; print all logon history with type, date/time, status, account name, computer and IP address if user logged on remotely

  foreach ($e in $slogonevents){  
     $report = @() 
    if ($e.EventID -eq 4624 -and $e.ReplacementStrings[8] -In 3..10){            
      if([ipaddress]::TryParse($e.ReplacementStrings[18],[ref][ipaddress]::Loopback))
      {
        $object = New-Object PSCustomObject -Property @{
            type = $e.ReplacementStrings[8]
            ip = $e.ReplacementStrings[18]
            hostname=([system.net.dns]::GetHostByAddress($($e.ReplacementStrings[18]))).HostName        
        }
        $report += $object
      }
    }
  }
}
$report | select -Unique