I am trying to objectify the security event log by using the ConvertFrom-String
PowerShell cmdlet, but am not able to work it out.
First I am getting the event/s from my DC.
$events = Get-WinEvent -ComputerName $comp -FilterHashtable @{logname='security';id=4727}
Next I define my template.
$tmpl = @'
{Event:A security-enabled global group was created.}
Subject:
Security ID: S-1-5*
{SubjectName:Account Name: andrew}
Account Domain: DOMAIN
Logon ID: 0x16D280EB
New Group:
Security ID: S-1-5*
{GroupName:Group Name: test1}
Group Domain: DOMAIN
Attributes:
SAM Account Name: test1
SID History: -
Additional Information:
Privileges: -
'@
Finally I try to turn it into objects.
($events).message | ConvertFrom-String -TemplateContent $tmpl
But my output is only
Event: A security-enabled global group was created.
Instead, I want to get something like:
- Event: A security-enabled global group was created
- SubjectName: andrew
- GroupName: test1
And I would like this to be compatible to loop through many similar events to pull out the right bits?
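
An added example, not part of the original post: one way to get the objects described above without a text template is to read the named fields from each event's XML rather than the rendered message. It assumes event 4727 carries SubjectUserName and TargetUserName in its EventData; the function name ConvertTo-GroupCreatedObject and the sample XML values are constructed for illustration.

```powershell
# Added example: read the named EventData fields from the event XML
# instead of pattern-matching the rendered Message text.
function ConvertTo-GroupCreatedObject {
    param(
        [Parameter(Mandatory)][string]$Xml,   # output of $event.ToXml()
        [string]$Message = ''                 # optional rendered message
    )
    $doc  = [xml]$Xml
    $data = @{}
    # Every <Data Name="..."> element under EventData is one named field.
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.InnerText }
    [pscustomobject]@{
        Event       = ($Message -split '\r?\n')[0]   # first line = description
        SubjectName = $data['SubjectUserName']       # who created the group
        GroupName   = $data['TargetUserName']        # the group that was created
        TimeCreated = $doc.Event.System.TimeCreated.SystemTime
    }
}

# Constructed sample (SIDs and timestamp are made up) so the function runs offline.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4727</EventID>
    <TimeCreated SystemTime="2024-01-01T00:00:00.0000000Z" />
  </System>
  <EventData>
    <Data Name="TargetUserName">test1</Data>
    <Data Name="TargetDomainName">DOMAIN</Data>
    <Data Name="TargetSid">S-1-5-21-0-0-0-1001</Data>
    <Data Name="SubjectUserSid">S-1-5-21-0-0-0-1000</Data>
    <Data Name="SubjectUserName">andrew</Data>
    <Data Name="SubjectDomainName">DOMAIN</Data>
    <Data Name="SubjectLogonId">0x16d280eb</Data>
    <Data Name="PrivilegeList">-</Data>
    <Data Name="SamAccountName">test1</Data>
    <Data Name="SidHistory">-</Data>
  </EventData>
</Event>
'@
ConvertTo-GroupCreatedObject -Xml $sampleXml -Message 'A security-enabled global group was created.'

# Against live events, one object per event:
# Get-WinEvent -ComputerName $comp -FilterHashtable @{logname='security';id=4727} |
#     ForEach-Object { ConvertTo-GroupCreatedObject -Xml $_.ToXml() -Message $_.Message }
```

Because the fields are looked up by name, the same function works across many events regardless of how the message text is laid out or localized.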