Skip to content

Instantly share code, notes, and snippets.

@bentaylorwork

bentaylorwork/Get-EventLogLoginIp.ps1

Created September 29, 2017 14:49
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bentaylorwork/eeb86ba08cbdbba70709b3cdfb7f29af to your computer and use it in GitHub Desktop.
Save bentaylorwork/eeb86ba08cbdbba70709b3cdfb7f29af to your computer and use it in GitHub Desktop.
Download ZIP
Gets the IP of a user login from the event log. Filters out entries where the IP isn't recorded.
Raw
Get-EventLogLoginIp.ps1
Get-WinEvent -Logname Security -FilterXPath "*[System[EventID=4624]]" | Where-Object { $_.Properties[18].Value -ne '-' } | Select-Object MachineName,
@{
Name = 'UserName'
Expression = { $_.Properties[5].Value }
},
@{
Name ='IP'
Expression = { $_.Properties[18].Value }
},
TimeCreated | Sort-Object -Descending UserName
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment