Powershell: Reading Event Logs

This works on Windows Server 2003 / 2008 / 2012, although I couldn’t get the RAW data from 2003. Might be the way Citrix have created the event.

[powershell]
$mydate = get-date 25/02/2014
$log = Get-EventLog -ComputerName {server_name} -logname "CitrixAGE Audit" -Source "AGE Audit" after $myDate| ?{$_.eventID -eq 202}
$log.count
$log | ft -properties*
[/powershell]

This actually pulls the logs pertaining to users logging on to a Citrix Access Gateway, where Advanced Access Controller has been installed.

Technet with useful examples

Hey Scripting Guy – Some WMI examples

Leave a Reply

Your email address will not be published. Required fields are marked *

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax

This site uses Akismet to reduce spam. Learn how your comment data is processed.