Gets the IP of a user login from the event log. Filters out entries where the IP isn't recorded.
| Get-WinEvent -Logname Security -FilterXPath "*[System[EventID=4624]]" | Where-Object { $_.Properties[18].Value -ne '-' } | Select-Object MachineName, | |
| @{ | |
| Name = 'UserName' | |
| Expression = { $_.Properties[5].Value } | |
| }, | |
| @{ | |
| Name ='IP' | |
| Expression = { $_.Properties[18].Value } | |
| }, | |
| TimeCreated | Sort-Object -Descending UserName |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment