Gets the IP of a user login from the event log. Filters out entries where the IP isn't recorded.
Get-WinEvent -Logname Security -FilterXPath "*[System[EventID=4624]]" | Where-Object { $_.Properties[18].Value -ne '-' } | Select-Object MachineName, | |
@{ | |
Name = 'UserName' | |
Expression = { $_.Properties[5].Value } | |
}, | |
@{ | |
Name ='IP' | |
Expression = { $_.Properties[18].Value } | |
}, | |
TimeCreated | Sort-Object -Descending UserName |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment