Powershell小技巧之通过EventLog查看近期电脑开机和关机时间

  • Z时代
  • 2024-01-10
  • 分类:综合

机器开机和关机时写在EventLog中的第一条日志和最后一条日志分别为:6005和6006。

TimeCreated           Id LevelDisplayName Message
-----------           -- ---------------- -------
8/18/2014 9:23:04 AM     6005 Information   The Event log service was started.  
8/15/2014 7:03:48 PM     6006 Information   The Event log service was stopped.

所以根据上面的信息很容易得出机器的开机,关机,在线时间,代码为:

Function Get-ComputerUptimeHistory { 
 $q=' 
<QueryList> 
 <Query Id="0" Path="System"> 
  <Select Path="System">*[System[(EventID=6005 or EventID=6006)]]</Select> 
 </Query> 
</QueryList>'
$events = Get-WinEvent -FilterXml $q
$i=-1 
while ( $i+1 -lt $events.length ) { 
 if($i -eq -1) 
 { 
 [PSCustomObject]@{ 
 StartTime = $events[0].TimeCreated; 
 StopTime = $null ; 
 UpTime = [datetime]::Now - $events[0].TimeCreated 
 } 
 } 
 else{ 
 [PSCustomObject]@{ 
 StartTime = $events[$i+1].TimeCreated; 
 StopTime = $events[$i].TimeCreated ; 
 UpTime = $events[$i].TimeCreated - $events[$i+1].TimeCreated 
 } 
 } 
 $i += 2 
} 
}

输出为:

PS> Get-ComputerUptimeHistory | ft -AutoSize
StartTime       StopTime       UpTime
---------       --------       ------
8/18/2014 9:23:04 AM            2.05:00:22.5891685
8/13/2014 9:30:42 AM 8/15/2014 7:03:48 PM 2.09:33:06
7/22/2014 12:16:09 PM 8/13/2014 9:29:09 AM 21.21:13:00
7/22/2014 9:23:08 AM 7/22/2014 11:26:08 AM 02:03:00
7/17/2014 11:08:57 AM 7/21/2014 6:20:28 PM 4.07:11:31
7/14/2014 9:35:11 AM 7/17/2014 11:07:25 AM 3.01:32:14
7/10/2014 3:01:53 PM 7/14/2014 9:21:48 AM 3.18:19:55
7/8/2014 5:04:02 PM  7/10/2014 2:58:36 PM 1.21:54:34
6/30/2014 9:17:28 AM 7/8/2014 5:01:24 PM  8.07:43:56
6/29/2014 10:24:50 AM 6/29/2014 6:04:09 PM 07:39:19
6/20/2014 9:33:08 AM 6/27/2014 6:18:34 PM 7.08:45:26
6/16/2014 3:05:45 PM 6/20/2014 9:31:16 AM 3.18:25:31
6/12/2014 9:40:05 AM 6/16/2014 3:04:02 PM 4.05:23:57
6/6/2014 2:52:11 PM  6/12/2014 9:37:46 AM 5.18:45:35
6/5/2014 10:55:20 AM 6/6/2014 2:51:09 PM  1.03:55:49
6/5/2014 9:19:38 AM  6/5/2014 10:54:04 AM 01:34:26
6/3/2014 1:33:24 PM  6/4/2014 7:58:58 PM  1.06:25:34
5/30/2014 10:07:06 AM 6/3/2014 1:31:24 PM  4.03:24:18
5/29/2014 5:30:33 PM 5/30/2014 9:41:41 AM 16:11:08
5/29/2014 5:28:57 PM 5/29/2014 5:29:43 PM 00:00:46
5/29/2014 2:52:58 PM 5/29/2014 5:26:57 PM 02:33:59
5/29/2014 2:50:31 PM 5/29/2014 2:51:06 PM 00:00:35
5/27/2014 11:54:43 AM 5/29/2014 2:47:29 PM 2.02:52:46
5/23/2014 5:31:18 PM 5/26/2014 9:16:33 AM 2.15:45:15
5/22/2014 6:00:29 PM 5/23/2014 9:16:45 AM 15:16:16
5/21/2014 4:38:22 PM 5/21/2014 4:40:07 PM 00:01:45
5/21/2014 9:43:59 AM 5/21/2014 4:36:34 PM 06:52:35
5/19/2014 11:27:28 AM 5/21/2014 9:42:32 AM 1.22:15:04
5/19/2014 9:25:56 AM 5/19/2014 9:27:00 AM 00:01:04
5/15/2014 9:23:15 AM 5/15/2014 9:24:16 AM 00:01:01
5/15/2014 11:18:45 AM 5/15/2014 11:19:49 AM 00:01:04

以上是 Powershell小技巧之通过EventLog查看近期电脑开机和关机时间 的全部内容, 来源链接: utcz.com/z/350065.html

回到顶部