Sunday, March 3, 2013

Dump the schema for Windows Security Events



Here's a useful Powershell one-liner for getting at the Windows Security Event Log schema:
(get-winevent -listprovider microsoft-windows-security-auditing).events

You may want to save the output to a varialbe:
$events = (get-winevent -listprovider microsoft-windows-security-auditing).events

Here's an example of the output:


No comments:

Post a Comment

Grand Canyon: Rim-to-Rim 1 of n

I hadn't intended to drive for 16 hours. It's around midnight and my friend and I are about two hours away from Bright Angel Lodge a...