
PowerShell ConvertFrom-String not working

Stack Overflow user
Asked 2020-12-23 10:44:19
Answers: 1, Views: 80, Followers: 0, Votes: 0

I am trying to parse an event log using ConvertFrom-String, but I cannot get a result. The event and the code are below.

$string=@'
%NICWIN-4-Security_4768_Microsoft-Windows-Security-Auditing: Security,rn=54761543 cid=8228 eid=728,Mon Nov 30 15:59:32 2020,4768,Microsoft-Windows-Security-Auditing,,Audit Success,PAD.Local,Kerberos Authentication Service,,A Kerberos authentication ticket (TGT) was requested.  Account Information:  Account Name:  SQLSVC  Supplied Realm Name: PAD  User ID:   S-1-5-21-3919716692-2946903121-3479928240-1751  Service Information:  Service Name:  krbtgt  Service ID:  S-1-5-21-3919716692-2946903152-3479928250-502  Network Information:  Client Address:  ::ffff:192.168.1.5  Client Port:  56168  Additional Information:  Ticket Options:  0x40810010  Result Code:  0x0  Ticket Encryption Type: 0x12  Pre-Authentication Type: 2  Certificate Information:  Certificate Issuer Name:    Certificate Serial Number:   Certificate Thumbprint:    Certificate information is only provided if a certificate was used for pre-authentication.  Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
'@   
 
$temp=@'
%NICWIN-4-Security_4768_Microsoft-Windows-Security-Auditing: Security,rn=54761543 cid=8228 eid=728,Mon Nov 30 15:59:32 2020,{EventID*:4768},Microsoft-Windows-Security-Auditing,,{Type:Audit Success},{ServerName:PAD.Local},Kerberos Authentication Service,,{Ticket:A Kerberos authentication ticket (TGT) was requested.}  Account Information:  {ACName:Account Name:  SQLSVC}  Supplied Realm Name: {Domain:PAD}  User ID:   S-1-5-21-3919716692-2946903121-3479928240-1751  Service Information:  Service Name:  krbtgt  Service ID:  S-1-5-21-3919716692-2946903152-3479928250-502  Network Information:  Client Address:  ::ffff:192.168.1.5  Client Port:  56168  Additional Information:  Ticket Options:  0x40810010  Result Code:  0x0  Ticket Encryption Type: 0x12  Pre-Authentication Type: 2  Certificate Information:  Certificate Issuer Name:    Certificate Serial Number:   Certificate Thumbprint:    Certificate information is only provided if a certificate was used for pre-authentication.  Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
'@

$string |ConvertFrom-String -TemplateContent $temp

The expected output is:

Eventid  Type          ServerName ..etc

4768     Audit Success PAD.Local

1 Answer

Stack Overflow user

Accepted answer

Posted on 2020-12-23 12:15:51

You can give multiple examples for your pattern, for better parsing:

$string=@'
%NICWIN-4-Security_4768_Microsoft-Windows-Security-Auditing: Security,rn=54761543 cid=8228 eid=728,Mon Nov 30 15:59:32 2020,4768,Microsoft-Windows-Security-Auditing,,Audit Success,PAD.Local,Kerberos Authentication Service,,A Kerberos authentication ticket (TGT) was requested.  Account Information:  Account Name:  SQLSVC  Supplied Realm Name: PAD  User ID:   S-1-5-21-3919716692-2946903121-3479928240-1751  Service Information:  Service Name:  krbtgt  Service ID:  S-1-5-21-3919716692-2946903152-3479928250-502  Network Information:  Client Address:  ::ffff:192.168.1.5  Client Port:  56168  Additional Information:  Ticket Options:  0x40810010  Result Code:  0x0  Ticket Encryption Type: 0x12  Pre-Authentication Type: 2  Certificate Information:  Certificate Issuer Name:    Certificate Serial Number:   Certificate Thumbprint:    Certificate information is only provided if a certificate was used for pre-authentication.  Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
'@   
 
$temp=@'
%NICWIN-4-Security_4768_Microsoft-Windows-Security-Auditing: Security,rn=54761543 cid=8228 eid=728,Mon Nov 30 15:59:32 2020,{EventID*:4768},Microsoft-Windows-Security-Auditing,,{Type:Audit Success},{ServerName:PAD.Local},Kerberos Authentication Service,,{Ticket:A Kerberos authentication ticket (TGT) was requested.}  Account Information:  {ACName:Account Name:  SQLSVC}  Supplied Realm Name: {Domain:PAD}  User ID:   S-1-5-21-3919716692-2946903121-3479928240-1751  Service Information:  Service Name:  krbtgt  Service ID:  S-1-5-21-3919716692-2946903152-3479928250-502  Network Information:  Client Address:  ::ffff:192.168.1.5  Client Port:  56168  Additional Information:  Ticket Options:  0x40810010  Result Code:  0x0  Ticket Encryption Type: 0x12  Pre-Authentication Type: 2  Certificate Information:  Certificate Issuer Name:    Certificate Serial Number:   Certificate Thumbprint:    Certificate information is only provided if a certificate was used for pre-authentication.  Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
%NICWIN-4-Security_4768_Microsoft-Windows-Security-Auditing: Security,rn=54761543 cid=8228 eid=728,Mon Nov 30 15:59:32 2020,{EventID*:1},Microsoft-Windows-Security-Auditing,,{Type:Audit Success 2},{ServerName:XXXXX},Kerberos Authentication Service,,{Ticket:A Kerberos authentication ticket (TGT) was requested.}  Account Information:  {ACName:Account Name:  dddddd}  Supplied Realm Name: {Domain:XXXXXX}  User ID:   S-1-5-21-3919716692-2946903121-3479928240-1751  Service Information:  Service Name:  krbtgt  Service ID:  S-1-5-21-3919716692-2946903152-3479928250-502  Network Information:  Client Address:  ::ffff:192.168.1.5  Client Port:  56168  Additional Information:  Ticket Options:  0x40810010  Result Code:  0x0  Ticket Encryption Type: 0x12  Pre-Authentication Type: 2  Certificate Information:  Certificate Issuer Name:    Certificate Serial Number:   Certificate Thumbprint:    Certificate information is only provided if a certificate was used for pre-authentication.  Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
'@

$string |ConvertFrom-String -TemplateContent $temp
Votes: 1
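
A template-free way to get the same columns, as an added example that is not part of the original question or answer: split the ten comma-separated header fields, then pull the `Label: value` pairs out of the message with a regex bounded by the known labels. The function name `ConvertFrom-Kerberos4768Line` and the output property names are assumptions; the sample is the question's event line cut after `Certificate Information:`.

```powershell
# Constructed sample: the 4768 line from the question, cut after "Certificate Information:".
$sample = '%NICWIN-4-Security_4768_Microsoft-Windows-Security-Auditing: Security,rn=54761543 cid=8228 eid=728,Mon Nov 30 15:59:32 2020,4768,Microsoft-Windows-Security-Auditing,,Audit Success,PAD.Local,Kerberos Authentication Service,,A Kerberos authentication ticket (TGT) was requested.  Account Information:  Account Name:  SQLSVC  Supplied Realm Name: PAD  User ID:   S-1-5-21-3919716692-2946903121-3479928240-1751  Service Information:  Service Name:  krbtgt  Service ID:  S-1-5-21-3919716692-2946903152-3479928250-502  Network Information:  Client Address:  ::ffff:192.168.1.5  Client Port:  56168  Additional Information:  Ticket Options:  0x40810010  Result Code:  0x0  Ticket Encryption Type: 0x12  Pre-Authentication Type: 2  Certificate Information:'

function ConvertFrom-Kerberos4768Line {   # hypothetical name, not a built-in cmdlet
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Line)
    begin {
        # Labels that carry a value, and section headers that only end the previous value.
        $labels   = 'Account Name','Supplied Realm Name','User ID','Service Name','Service ID',
                    'Client Address','Client Port','Ticket Options','Result Code',
                    'Ticket Encryption Type','Pre-Authentication Type'
        $sections = 'Account Information','Service Information','Network Information',
                    'Additional Information','Certificate Information'
        $alt  = { param($names) ($names | ForEach-Object { [regex]::Escape($_) }) -join '|' }
        $stop = & $alt ($labels + $sections)
        # A value runs lazily up to the next known label or section header (or end of line),
        # so an empty value stays empty and the colons in ::ffff:192.168.1.5 are kept.
        $pair = [regex]('(?<k>' + (& $alt $labels) + '):\s*(?<v>.*?)\s*(?=(?:' + $stop + '):|$)')
    }
    process {
        # Ten comma-separated header fields; the 11th (the message) may itself contain commas.
        $f = $Line -split ',', 11
        if ($f.Count -lt 11 -or $f[3] -notmatch '^\d+$') {
            Write-Warning 'Skipping line that does not match the expected layout'
            return
        }
        $row = [ordered]@{
            EventID    = [int]$f[3]
            Type       = $f[6]
            ServerName = $f[7]
            Time       = $f[2]
        }
        foreach ($m in $pair.Matches($f[10])) {
            # "Account Name" -> AccountName, "Pre-Authentication Type" -> PreAuthenticationType
            $row[$m.Groups['k'].Value -replace '[ -]', ''] = $m.Groups['v'].Value
        }
        [pscustomobject]$row
    }
}

$sample | ConvertFrom-Kerberos4768Line |
    Select-Object EventID, Type, ServerName, AccountName, SuppliedRealmName, ClientAddress, TicketEncryptionType
```

Lines with a different field layout are skipped with a warning rather than emitted with misaligned columns.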
The original page content is provided by Stack Overflow. Translation support is provided by Tencent Cloud's Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/65418370
