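PowerShell in Practice 3: IAS Server Authentication Logs

Function: Find the log entries for successful and failed user authentication on an IAS server. (IAS is commonly used as the RADIUS server for firewalls or wireless networks.)

Usage: Set the IAS server address and the log start and end times in the code.

Source code: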
cls
# IAS server address
$IP = "IAS_Server_IP"
# Start date, in month/day/year format
$Start = "9/18/2009"
# End date, in month/day/year format
$End = "9/20/2009"
# Read the System log from the IAS server and keep only the entries written by IAS
$IAS_Log = Get-EventLog -LogName System -ComputerName $IP -After $Start -Before $End | Where-Object {$_.Source -eq "IAS"}
# Event ID 1: access granted
Write-Host "***********Granted Users*********************" -ForegroundColor Green
foreach ($Entry in $IAS_Log)
{
    if ($Entry.EventID -eq 1)
    {
        # Keep only the first line of the message (the "User ... was granted access." summary)
        $Msg = $Entry.Message.Split("`r")[0]
        Write-Host `n $Entry.TimeGenerated $Msg
    }
}
# Event ID 2: access denied
Write-Host "***********Denied Users*********************" -ForegroundColor Red
foreach ($Entry in $IAS_Log)
{
    if ($Entry.EventID -eq 2)
    {
        $Msg = $Entry.Message.Split("`r")[0]
        Write-Host `n $Entry.TimeGenerated $Msg
    }
}
# Event ID 3: request discarded
Write-Host "***********Discarded Users*********************" -ForegroundColor Red
foreach ($Entry in $IAS_Log)
{
    if ($Entry.EventID -eq 3)
    {
        $Msg = $Entry.Message.Split("`r")[0]
        Write-Host `n $Entry.TimeGenerated $Msg
    }
}
Result:
***********Granted Users*********************
9/19/2009 4:50:13 PM User sam was granted access.
9/19/2009 10:40:19 AM User jack was granted access.
9/19/2009 10:18:08 AM User philip was granted access.
***********Denied Users*********************
9/19/2009 12:54:19 AM User marty was denied access.
9/19/2009 12:54:12 AM User marty.frygier was denied access.
9/18/2009 2:56:25 PM User venk was denied access.

***********Discarded Users*********************
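
An added example (not part of the original post) that goes one step beyond the listing above: it counts denied attempts per user from the first message line and reports the users at or above a threshold, with the first and last denial times. The function name Get-IasDenialSummary, the threshold and the sample events are assumptions constructed for illustration; it needs PowerShell 3.0 or later, and in practice you would pass in $IAS_Log from the script.

```powershell
# Added example: per-user summary of denied IAS authentications.
# Get-IasDenialSummary is a hypothetical helper name, not part of the original script.
function Get-IasDenialSummary {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Events,  # entries shaped like Get-EventLog output
        [int] $Threshold = 2                                # assumed reporting threshold
    )
    $Denied = foreach ($Entry in $Events) {
        if ($Entry.EventID -ne 2) { continue }              # 2 = denied, as in the script above
        # First message line, e.g. "User marty was denied access."
        $FirstLine = ($Entry.Message -split "`r?`n")[0].Trim()
        if ($FirstLine -match '^User (?<Name>.+) was denied access\.$') {
            [pscustomobject]@{ User = $Matches['Name']; Time = $Entry.TimeGenerated }
        }
    }
    # Group-Object compares names case-insensitively by default
    $Denied | Group-Object -Property User |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $Times = @($_.Group | Sort-Object -Property Time)
            [pscustomobject]@{
                User   = $_.Name
                Denied = $_.Count
                First  = $Times[0].Time
                Last   = $Times[-1].Time
            }
        }
}

# Constructed sample events (not real log data); the detail line is a placeholder.
$Detail = "`r`n (constructed detail lines)"
$Sample = @(
    [pscustomobject]@{ EventID = 1; TimeGenerated = [datetime]"9/19/2009 4:50:13 PM"; Message = "User sam was granted access.$Detail" }
    [pscustomobject]@{ EventID = 2; TimeGenerated = [datetime]"9/19/2009 12:54:12 AM"; Message = "User marty was denied access.$Detail" }
    [pscustomobject]@{ EventID = 2; TimeGenerated = [datetime]"9/19/2009 12:54:19 AM"; Message = "User marty was denied access.$Detail" }
    [pscustomobject]@{ EventID = 2; TimeGenerated = [datetime]"9/19/2009 12:55:02 AM"; Message = "User Marty was denied access.$Detail" }
    [pscustomobject]@{ EventID = 2; TimeGenerated = [datetime]"9/18/2009 2:56:25 PM"; Message = "User venk was denied access.$Detail" }
)
# With the default threshold of 2, only marty (3 denials) is reported
Get-IasDenialSummary -Events $Sample | Format-Table -AutoSize
```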

This article is from the blog "面朝大海,春暖花开" (Facing the Sea, with Spring Flowers Blossoming). Reposting is not permitted.
