Hello,

I've tried searching the web and I hope there's a simple solution to my problem.  What we're attempting to do is extract information on a monthly basis from the Windows security logs that display all user logins for the past month.  Here is the script we're using below:

$data = @()

$events = get-eventlog security -InstanceId 4624 -After 07-31-2010 -Before 08-02-2010 | Select TimeGenerated,ReplacementStrings

foreach ($event in $events) { $row = "" | Select TimeGenerated,Computername,SecurityID $row.Computername = $env:computername $row.TimeGenerated = $event.TimeGenerated $row.SecurityID = $event.ReplacementStrings[6] + "\" + $event.ReplacementStrings[5] $data += $row
}
$data

The problem we're having is we need to add the time of day to the dates in the -Before and -After parameters.  We need the script to pull all 4624 events starting from 7-1-2010 01:00:00 through 8-1-2010 01:00:00. 

I've tried using get-eventlog security -InstanceId 4624 -After 07-31-2010, 01:00:00 and Powershell doesn't like it.  Suggestions?  Thanks.

Jeff

The Before and After parameters accept DateTime values, not String values like you are trying to pass in.

$data = @()

$culture = New-Object System.Globalization.CultureInfo -ArgumentList "en-US"
$before = [DateTime]::Parse('07-31-2010 01:00:00', $culture)
$after = [DateTime]::Parse('08-02-2010 01:00:00', $culture)

Get-EventLog -LogName Security -InstanceId 4624 -After $after -Before $before | Select-Object -Property TimeGenerated, ReplacementStrings | ForEach-Object {
    $data += New-Object PSObject -Property @{
        ComputerName = $env:ComputerName
        TimeGenerated = $_.TimeGenerated
        SecurityId = $_.ReplacementStrings[6] + "\" + $_.ReplacementStrings[5]
    }
}

$data

Thank you GWHowarth88, that worked perfectly!!