I'm a PowerShell newbie trying to write a simple script to look up the number of times a specific user has logged into a workstation, and export that information in a useful way to a CSV file so it can be easily manipulated. The CSV file only really needs to contain the time of login and the username mentioned in the "Message" section of the Security log entry.
My problem is it seems I can either get a CSV file with a truncated "Message" no containing the username, or I get all the information I want printed to host instead of exporting to CSV. I'm sure the solution is probably very basic, but like I said I'm a newbie.
In the code posted here I get everything I need printed to host, but I can't seem to get it into a CSV file. Any help would be appreciated.
New-Item -Name "UserLoginHistory" -Path C:\ -ItemType Directory -Force | Out-Null
$UserName = Read-Host -Prompt 'Which user are you searching for?'
$a =Get-EventLog -LogName Security -Message "*$UserName*" | Where-Object {$_.EventID -eq 4624}
foreach($item in $a)
{
$timeLog = $item.TimeGenerated
$item = $item.Message.Split(":")
$subject = $item[3].split()
#$subject[2]
$NewLogin = $item[14].split()
#$NewLogin[2]
$WorkstationName = $item[26].split()
#$WorkstationName[1]
$SourceNetworkAddress = $item[27].split()
#$SourceNetworkAddress[1]
"Time: $timeLog Subject: $($subject[2]) NewLogin: $($NewLogin[2]) WorkstationName $($WorkstationName[1]) SourceNetworkAddress $($SourceNetworkAddress[1])"
}
Export-Csv -Path C:\UserLoginHistory\LoginHistory.csv
Export-CSVcmdlet. [grin] ///// second, you are not creating an object to send to the above cmdlet. ///// third, your code produces lots and lots of red error text about the$WorkstationName&$SourceNetworkAddresslines on my win7,ps5.1 system. ///// forth, the$Subjectand$NewLoginlines are producing-and0x0instead of what you want them to be. ///// does that code actually work on your system? – Lee_Dailey$itemof the foreach inside the{scrript block}for other purposes. – user6811411