Rebonjour!
J'ai finalement trouvé une solution!
gwmi -query "Select * from Win32_NTLogEvent Where Logfile = 'Security' and eventcode = 4625" | foreach-object {$_.message} | select-string -pattern "(\d+\.\d+\.\d+\.\d+)" | foreach-object {$_.Matches} | foreach-object {$_.Value} | Group-Object -Property ("length")[0].group | Where-Object {$_.count -gt 4} | foreach-object {$_.name} | select-string -pattern "(\d+\.\d+\.\d+\.\d+)" | select-string -pattern "\w" | foreach-object {$_.line} | out-file fichier.txt
Tout ça en une ligne seulement
Partager