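# Copies today's Security-log events 4624, 4778, 4634 and 4799 from the local
# machine into the MySQL table track_login, one row per event.

# NOTE(review): with no -Scope this changes the machine-wide (LocalMachine)
# policy and needs elevation. It cannot affect the script that is already
# running, so it is better set once, out of band, by an administrator.
Set-ExecutionPolicy RemoteSigned

# ASCII dash and quotes; the listing carried typographic ones.
Add-Type -Path 'C:\Program Files (x86)\MySQL\MySQL Connector Net 6.10.9\Assemblies\v4.5.2\MySql.Data.dll'

# NOTE(review): the password is blank in the listing. Do not commit a literal
# credential here; load it from a protected store. The account presumably only
# needs INSERT on track_login - confirm and grant nothing broader.
$Connection = [MySql.Data.MySqlClient.MySqlConnection]@{ConnectionString='server=192.168.1.80;uid=admin;pwd= ;database=windows_logs2;'}
$Connection.Open()

try {
    $sql = New-Object MySql.Data.MySqlClient.MySqlCommand
    $sql.Connection = $Connection

    # Account names, workstation names and source addresses in logon events are
    # supplied by whoever attempts the logon, so they are untrusted input.
    # Bind them as parameters; never splice them into the SQL text.
    $sql.CommandText = "INSERT INTO track_login (servername, username,EventID, dt_time,logon_type,ip_address ) VALUES (@servername,@username,@eventid,@dt_time,@logon_type,@ip_address)"

    # Midnight today: only events created since then are read.
    $today = (Get-Date).Date

    Get-WinEvent -FilterHashTable @{LogName="Security";starttime=$today;id=4624,4778,4634,4799} | ForEach-Object {
        # $event is an automatic variable in PowerShell, so use another name.
        $eventXml = [xml]$_.ToXml()
        if ($eventXml)
        {
            $Time = Get-Date $_.TimeCreated -UFormat "%Y-%m-%d %H:%M:%S"

            # NOTE(review): Data[1] is positional and is not the same field for
            # every event ID collected here; selecting the Data element by its
            # Name attribute would be more robust - confirm which account
            # field is wanted per event.
            $User = [string]$eventXml.Event.EventData.Data[1]."#text"
            $Computer = [string]$eventXml.Event.System.Computer

            # The original -replace returned the whole message whenever the
            # label was absent, so events without these fields wrote the full
            # message text into the column. Store NULL instead.
            # NOTE(review): assumes logon_type and ip_address are nullable.
            # NOTE(review): these patterns match the Russian message text only;
            # reading the values from EventData would not depend on the
            # display language.
            $LogonType = [DBNull]::Value
            if ($_.Message -match '(?smi).*Тип входа:\s+([^\s]+)\s+.*') {
                $LogonType = [string]$Matches[1]
            }
            $ClientIP = [DBNull]::Value
            if ($_.Message -match '(?smi).*Сетевой адрес источника:\s+([^\s]+)\s+.*') {
                $ClientIP = [string]$Matches[1]
            }

            # The listing left this as '?????????????'; the event record
            # exposes the numeric event ID as its Id property.
            $Eventsid = $_.Id

            $sql.Parameters.Clear()
            [void]$sql.Parameters.AddWithValue('@servername', $Computer)
            [void]$sql.Parameters.AddWithValue('@username', $User)
            [void]$sql.Parameters.AddWithValue('@eventid', $Eventsid)
            [void]$sql.Parameters.AddWithValue('@dt_time', $Time)
            [void]$sql.Parameters.AddWithValue('@logon_type', $LogonType)
            [void]$sql.Parameters.AddWithValue('@ip_address', $ClientIP)
            $sql.ExecuteNonQuery()
        }
    }
}
finally {
    # The original also called $Reader.Close(), but no reader is ever created.
    # Close the connection even when a read or insert fails.
    $Connection.Close()
}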