So, i needed to pull some information from the auditlog, so I wanted to put my powershell to work..
So, I queried something very simple...
get-nasystemlog -auditlog -starttime 5/21/2012 | ? {$_.value -like "*resize*"}
TimeStampDT | Source | Severity Keyword Target | Value |
----------- | ------ | -------- ------- ------ | ----- |
5/21/2012 8:09:10 AM filer | debug | IN | rsh shell | RSH INPUT COMMAND is priv set -q admin ; lun resize -f "/vol/vol1/qtlun/lun0" 500G ; result -l |
But to my surprise, it didn't return any username data. I had to query the audit log directly with powershell to gather what I was looking for..
I did something like
gc auditlog | % {
(if $_ -like "*resize*" -or $_ -like "*reservation*")
Write-host $_
out-file -inputobject $_ -filepath c:\log.log -append
}
}
I'm just curious why i can't pull the usernames from the audit log with native cmdlets...