522235677 (张三)当前离线
少校
flashercs 当前离线
$evt=Get-WinEvent -LogName Security -FilterXPath "Event[System[EventID=4625 and TimeCreated[timediff(@SystemTime)<=600000]]]" -MaxEvents 1 -ErrorAction SilentlyContinue if($null -ne $evt){ $evt.Properties[3].Value # IP地址可能不是这个序号 }复制代码
TOP
$evt=Get-WinEvent -LogName Security -FilterXPath "Event[System[EventID=4625 and TimeCreated[timediff(@SystemTime)<=600000]]]" -MaxEvents 1 -ErrorAction SilentlyContinue if($null -ne $evt){ $evt.Properties }复制代码
$evt=Get-WinEvent -LogName Security -FilterXPath "Event[System[EventID=4625 and TimeCreated[timediff(@SystemTime)<=600000]]]" -MaxEvents 1 -ErrorAction SilentlyContinue if($null -ne $evt){ $ip=$evt.Properties[19].Value curl.exe http://test.com?ip=$ip }复制代码
评分人数
"Event[System[EventID=4624 and TimeCreated[timediff(@SystemTime)<=600000]] and EventData[Data[@Name='LogonType']=10]]"复制代码