Microsoft Virtualization Discussions

Question about get-nasystemlog -auditlog


So, I needed to pull some information from the auditlog, so I wanted to put my PowerShell to work..

So, I queried something very simple...

get-nasystemlog -auditlog -starttime 5/21/2012 | ? {$_.value -like "*resize*"}

TimeStampDT        Source       Severity Keyword  Target           Value
-----------        ------       -------- -------  ------           -----
5/21/2012 8:09:10 AM   filer   debugIN   rsh shell       

RSH INPUT COMMAND is priv set -q admin ; lun resize -f "/vol/vol1/qtlun/lun0" 500G ; result -l

But to my surprise, it didn't return any username data. I had to query the audit log directly with PowerShell to gather what I was looking for..

I did something like

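# Print every audit log line that mentions a resize or reservation change and append it to a file
gc auditlog | % {
    if ($_ -like "*resize*" -or $_ -like "*reservation*") {
        Write-Host $_
        Out-File -InputObject $_ -FilePath c:\log.log -Append
    }
}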



I'm just curious why I can't pull the usernames from the audit log with native cmdlets...



I think what you are looking for is in the "EventSource" field:

Get-NaSystemLog -AuditLog -StartTime (Get-Date).AddHours(-2) | where { $_.Value -like "*resize*" } | select TimeStampDT, Severity, EventSource, Value

TimeStampDT                   Severity                      EventSource                   Value
-----------                   --------                      -----------                   -----
5/21/2012 4:27:55 PM          debug                         root                          vol resize



Yup beam, that's it.. damn, I shoulda dug through the properties deeper with get-member..

So.. Now, let's say I want to edit the default output of the cmdlet.   Is that even advisable? 


Now, let's say I want to edit the default output of the cmdlet.   Is that even advisable? 

Not sure what you mean.  You can use Add-Member to add additional fields to the objects emitted by Get-NaSystemLog.  Or you can change the values directly (they're just properties), but I'm not sure why you'd need to do that.  You can provide a custom format for the data.  Essentially, you can't change how the cmdlet works, but you can manipulate and display its output however you like.
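The reshaping described in this thread, as an added example (not code from any poster or from the toolkit): a filter that keeps audit entries matching change commands and emits a view with the user first-class. The function name Select-AuditChange and the sample records are constructed for illustration; it assumes PowerShell 3.0 or later and only the properties shown above (TimeStampDT, Severity, EventSource, Value).

```powershell
# Constructed sample records standing in for Get-NaSystemLog -AuditLog output (values are made up).
$sample = @(
    [pscustomobject]@{ TimeStampDT = [datetime]'2012-05-21 16:27:55'; Severity = 'debug'; EventSource = 'root'; Value = 'vol resize' }
    [pscustomobject]@{ TimeStampDT = [datetime]'2012-05-21 08:09:10'; Severity = 'debug'; EventSource = '';     Value = 'lun resize -f "/vol/vol1/qtlun/lun0" 500G' }
    [pscustomobject]@{ TimeStampDT = [datetime]'2012-05-21 09:00:00'; Severity = 'debug'; EventSource = 'root'; Value = 'version' }
)

# Hypothetical helper: filter audit entries by command pattern and reshape them for review.
function Select-AuditChange {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Entry,

        # Wildcard patterns matched against the Value property.
        [string[]] $Pattern = @('*resize*', '*reservation*')
    )
    process {
        $command = [string]$Entry.Value
        $hit = $Pattern | Where-Object { $command -like $_ } | Select-Object -First 1
        if (-not $hit) { return }

        # Make a missing user visible instead of leaving a blank cell in the report.
        $user = if ([string]::IsNullOrWhiteSpace([string]$Entry.EventSource)) { '<unknown>' } else { $Entry.EventSource }

        [pscustomobject]@{
            Time     = $Entry.TimeStampDT
            User     = $user
            Severity = $Entry.Severity
            Command  = $command
        }
    }
}

# Two of the three sample records match; the one without an EventSource is flagged.
$sample | Select-AuditChange | Sort-Object Time | Format-Table -AutoSize

# Against a connected controller, the same filter takes the cmdlet's output directly:
# Get-NaSystemLog -AuditLog -StartTime (Get-Date).AddHours(-2) | Select-AuditChange
```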
