Microsoft Virtualization Discussions

Question about get-nasystemlog -auditlog

So, I needed to pull some information from the auditlog, so I wanted to put my PowerShell to work..

So, I queried something very simple...

get-nasystemlog -auditlog -starttime 5/21/2012 | ? {$_.value -like "*resize*"}

TimeStampDT            Source  Severity  Keyword  Target     Value
-----------            ------  --------  -------  ------     -----
5/21/2012 8:09:10 AM   filer   debug     IN       rsh shell  RSH INPUT COMMAND is priv set -q admin ; lun resize -f "/vol/vol1/qtlun/lun0" 500G ; result -l

But to my surprise, it didn't return any username data. I had to query the audit log directly with PowerShell to gather what I was looking for..

I did something like

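# Read the raw auditlog file line by line
gc auditlog | % {
    # Keep only lines that mention a resize or a reservation change
    if ($_ -like "*resize*" -or $_ -like "*reservation*") {
        Write-Host $_
        # Append each matching line to a local log file
        Out-File -InputObject $_ -FilePath c:\log.log -Append
    }
}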

I'm just curious why I can't pull the usernames from the audit log with native cmdlets...

Re: Question about get-nasystemlog -auditlog

I think what you are looking for is in the "EventSource" field:

Get-NaSystemLog -AuditLog -StartTime (Get-Date).AddHours(-2) | where { $_.Value -like "*resize*" } | select TimeStampDT, Severity, EventSource, Value

TimeStampDT                   Severity                      EventSource                   Value
-----------                   --------                      -----------                   -----
5/21/2012 4:27:55 PM          debug                         root                          vol resize

-Steven

Re: Question about get-nasystemlog -auditlog

Yup beam, that's it.. damn, I shoulda dug through the properties deeper with get-member..

So.. Now, let's say I want to edit the default output of the cmdlet.   Is that even advisable? 

Re: Question about get-nasystemlog -auditlog

Now, let's say I want to edit the default output of the cmdlet.   Is that even advisable? 

Not sure what you mean.  You can use Add-Member to add additional fields to the objects emitted by Get-NaSystemLog.  Or you can change the values directly (they're just properties), but I'm not sure why you'd need to do that.  You can provide a custom format for the data.  Essentially, you can't change how the cmdlet works, but you can manipulate and display its output however you like.
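
The Add-Member approach from the reply above, as an added example that is not part of the original thread or of the toolkit itself: it filters audit entries for the keywords used in the question and surfaces EventSource as a User column. The function name Select-AuditChange, the User, Matched and Command property names, and the sample objects are assumptions made for illustration; PowerShell 3.0 or later is assumed.

```powershell
function Select-AuditChange {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Entry,
        # Substrings to look for in the Value field (the two used in the thread).
        [string[]]$Keyword = @('resize', 'reservation')
    )
    process {
        $text = [string]$Entry.Value
        $hit  = $Keyword | Where-Object { $text -like "*$_*" } | Select-Object -First 1
        if (-not $hit) { return }   # not a change we are auditing; emit nothing

        # Strip the "RSH INPUT COMMAND is " prefix seen in the thread's output, if present.
        $command = $text -replace '^\s*RSH INPUT COMMAND is\s+', ''

        # Add-Member extends the emitted object; the original properties stay untouched.
        $Entry |
            Add-Member -NotePropertyName User    -NotePropertyValue $Entry.EventSource -Force -PassThru |
            Add-Member -NotePropertyName Matched -NotePropertyValue $hit -Force -PassThru |
            Add-Member -NotePropertyName Command -NotePropertyValue $command -Force -PassThru
    }
}

# Constructed sample objects standing in for Get-NaSystemLog -AuditLog output.
$sample = @(
    [pscustomobject]@{ TimeStampDT = [datetime]'2012-05-21 08:09:10'; Severity = 'debug'
                       EventSource = 'root'
                       Value = 'RSH INPUT COMMAND is priv set -q admin ; lun resize -f "/vol/vol1/qtlun/lun0" 500G ; result -l' }
    [pscustomobject]@{ TimeStampDT = [datetime]'2012-05-21 16:27:55'; Severity = 'debug'
                       EventSource = 'root';    Value = 'vol resize' }
    [pscustomobject]@{ TimeStampDT = [datetime]'2012-05-21 16:30:02'; Severity = 'debug'
                       EventSource = 'opsuser'; Value = 'version' }
)

# Custom display: who ran what, and which keyword matched.
$sample | Select-AuditChange |
    Format-Table TimeStampDT, User, Matched, Command -AutoSize -Wrap

# Against a connected controller, the same pipeline would be:
# Get-NaSystemLog -AuditLog -StartTime (Get-Date).AddHours(-2) | Select-AuditChange
```

Swapping Format-Table for Export-Csv keeps the added columns, which makes the result easier to hand to a change review.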
