Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Ask a Question

Question about get-nasystemlog -auditlog

JGPSHNTAP
‎2012-05-21 12:34 PM
4,189 Views

So, i needed to pull some information from the auditlog, so I wanted to put my powershell to work..

So, I queried something very simple...

get-nasystemlog -auditlog -starttime 5/21/2012 | ? {$_.value -like "*resize*"}

TimeStampDT        Source       Severity Keyword  Target           Value
-----------        ------       -------- -------  ------           -----
5/21/2012 8:09:10 AM   filer   debugIN   rsh shell       

RSH INPUT COMMAND is priv set -q admin ; lun resize -f "/vol/vol1/qtlun/lun0" 500G ; result -l

But to my surprise, it didn't return any username data.   I had to query the audit log directly with powershell to gather what I was looking for..

I did something like

gc auditlog | % {

(if $_ -like "*resize*" -or $_ -like "*reservation*")

Write-host $_

out-file -inputobject $_ -filepath c:\log.log -append

}

}

I'm just curious why i can't pull the usernames from the audit log with native cmdlets...

0 Kudos
View By:
3 REPLIES 3

beam
NetApp
‎2012-05-21 01:33 PM
4,189 Views

I think what you are looking for is in the "EventSource" field:

Get-NaSystemLog -AuditLog -StartTime (Get-Date).AddHours(-2) | where { $_.Value -like "*resize*" } | select TimeStampDT, Severity, EventSource, Value

TimeStampDT                   Severity                      EventSource                   Value

-----------                   --------                      -----------                   -----

5/21/2012 4:27:55 PM          debug                         root                          vol resize

-Steven

0 Kudos

JGPSHNTAP
‎2012-05-21 03:27 PM
In response to beam
4,189 Views

Yup beam, that's it.. damn, I shoulda dug through the properties deeper with get-member..

So.. Now, let's say I want to edit the default output of the cmdlet.   Is that even advisable? 

0 Kudos

cknight
NetApp
‎2012-05-22 01:42 PM
In response to JGPSHNTAP
4,189 Views 
Now, let's say I want to edit the default output of the cmdlet.   Is that even advisable? 

Not sure what you mean.  You can use Add-Member to add additional fields to the objects emitted by Get-NaSystemLog.  Or you can change the values directly (they're just properties), but I'm not sure why you'd need to do that.  You can provide a custom format for the data.  Essentially, you can't change how the cmdlet works, but you can manipulate and display its output however you like.

0 Kudos
All Community Forums
Public