echo ("args: " + $args.Length)
$myyear = (Get-Date).year
echo ("myyear: " + $myyear)
if ($args.Length -lt 1) {
$lastday=(Get-Date -Day 1).AddDays(-1).day
$lastmonth=(Get-Date -Day 1).AddDays(-1).month
}
Else {
$mymonth = [Int]$args[0]
$nextmonth=(Get-Date -Year $myyear -Month $mymonth -Day 1).AddMonths(1).Month
$lastday=(Get-Date -Year $myyear -Month $nextmonth -Day 1).AddDays(-1).day
$lastmonth=$mymonth
}
echo ("lastday: " + $lastday)
echo ("lastmonth: " + $lastmonth)
$LogName = "System"
$StartTime = New-Object System.DateTime $myyear,$lastmonth,01,00,00,00,00
$EndTime = New-Object System.DateTime $myyear,$lastmonth,$lastday,23,59,59,59
# 指定した種類・期間のイベントログを取得する
$EventsList = Get-WinEvent -FilterHashTable @{LogName=$LogName ; StartTime=$StartTime ; EndTime = $EndTime }
$EventsList = $EventsList |Where-Object {($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or ($_.Id -eq 109)}
# イベントのリストを出力する
$EventsList | Format-Table -Property TimeCreated
$EventsList | Format-List -Property LogName, MachineName, LevelDisplayName, TimeCreated, ProviderName, Id, UserId, Message
↓ もっと簡単な方法
https://monqy.blogspot.com/2019/04/windows.html