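Purpose: find the log entries for successful and failed user authentications on an IAS server. (IAS is commonly used as the RADIUS server for firewalls or wireless networks.)
Usage: set the IAS server address and the log start and end dates in the code.
Source code: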
cls
# IAS server address
$IP = "IAS_Server_IP"
# Start date, in month/day/year format
$Start = "9/18/2009"
# End date, in month/day/year format
$End = "9/20/2009"

# Read the System log from the IAS server and keep only events written by the IAS source
$IAS_Log = Get-EventLog -LogName System -ComputerName $IP -After $Start -Before $End | Where-Object {$_.Source -eq "IAS"}

# Event ID 1: access granted
Write-Host "***********Granted Users*********************" -ForegroundColor Green
foreach ($Entry in $IAS_Log)
{
    if ($Entry.EventID -eq 1)
    {
        # Keep only the first line of the message (split on the carriage return
        # alone, so a "/" inside a user name does not cut the line short)
        $Msg = $Entry.Message
        $Msg = $Msg.Split("`r")[0]
        Write-Host `n $Entry.TimeGenerated $Msg
    }
}

# Event ID 2: access denied
Write-Host "***********Denied Users*********************" -ForegroundColor Red
foreach ($Entry in $IAS_Log)
{
    if ($Entry.EventID -eq 2)
    {
        $Msg = $Entry.Message
        $Msg = $Msg.Split("`r")[0]
        Write-Host `n $Entry.TimeGenerated $Msg
    }
}

# Event ID 3: request discarded
Write-Host "***********Discarde Users*********************" -ForegroundColor Red
foreach ($Entry in $IAS_Log)
{
    if ($Entry.EventID -eq 3)
    {
        $Msg = $Entry.Message
        $Msg = $Msg.Split("`r")[0]
        Write-Host `n $Entry.TimeGenerated $Msg
    }
}
Result:
***********Granted Users*********************
9/19/2009 4:50:13 PM User sam was granted access.
9/19/2009 10:40:19 AM User jack was granted access.
9/19/2009 10:18:08 AM User philip was granted access.
***********Denied Users*********************
9/19/2009 12:54:19 AM User marty was denied access.
9/19/2009 12:54:12 AM User marty.frygier was denied access.
9/18/2009 2:56:25 PM User venk was denied access.
***********Discarde Users*********************
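A follow-on to the listing above, added here as an example and not part of the original script: it groups the same events per user so that repeated denials stand out. The function name Get-IasUserSummary and the sample records are constructed for illustration, and the first-line message format is assumed from the output shown above.

```powershell
# Constructed sample records shaped like Get-EventLog entries; on a live
# server pass the script's $IAS_Log to the function instead.
$SampleLog = @(
    [pscustomobject]@{ TimeGenerated = [datetime]'9/19/2009 4:50:13 PM';  EventID = 1; Message = "User sam was granted access.`r`n(details)" }
    [pscustomobject]@{ TimeGenerated = [datetime]'9/19/2009 12:54:19 AM'; EventID = 2; Message = "User marty was denied access.`r`n(details)" }
    [pscustomobject]@{ TimeGenerated = [datetime]'9/19/2009 12:54:31 AM'; EventID = 2; Message = "User marty was denied access.`r`n(details)" }
    [pscustomobject]@{ TimeGenerated = [datetime]'9/19/2009 12:55:02 AM'; EventID = 1; Message = "User marty was granted access.`r`n(details)" }
    [pscustomobject]@{ TimeGenerated = [datetime]'9/18/2009 2:56:25 PM';  EventID = 2; Message = "User venk was denied access.`r`n(details)" }
)

# Hypothetical helper: one row per user with granted/denied counts.
function Get-IasUserSummary {
    param([Parameter(Mandatory)] [object[]] $Records)

    # Event IDs as used by the script above: 1 granted, 2 denied, 3 discarded
    $Outcome = @{ 1 = 'Granted'; 2 = 'Denied'; 3 = 'Discarded' }

    $Records |
        Where-Object { $Outcome.ContainsKey([int]$_.EventID) } |
        ForEach-Object {
            # Only the first line of the message carries the user name
            $FirstLine = ($_.Message -split "`r?`n")[0]
            if ($FirstLine -match '^User (?<User>.+) was (granted|denied) access\.') {
                $User = $Matches.User
            } else {
                $User = '(unparsed)'   # e.g. discarded requests, whose wording is not shown on the page
            }
            [pscustomobject]@{ User = $User; Outcome = $Outcome[[int]$_.EventID]; Time = $_.TimeGenerated }
        } |
        Group-Object User |
        ForEach-Object {
            $Denied = @($_.Group | Where-Object Outcome -eq 'Denied')
            [pscustomobject]@{
                User       = $_.Name
                Granted    = @($_.Group | Where-Object Outcome -eq 'Granted').Count
                Denied     = $Denied.Count
                LastDenied = ($Denied | Sort-Object Time | Select-Object -Last 1).Time
            }
        } |
        Sort-Object Denied -Descending
}

# Users with the most denials are listed first
Get-IasUserSummary -Records $SampleLog | Format-Table -AutoSize
```

Several denials followed by a grant for the same user, as in the constructed marty rows, is the pattern worth checking against the full event text.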
This article is from the “面朝大海,春暖花开” blog. Reposting is not permitted.