
PowerShell - Get history of Task Scheduler run results

  •  0
  • SE1986  · Tech community  · 4 years ago

    I have a PowerShell script as follows:

    if ($something)   # placeholder condition
    {
        # do something
        # will return 0 on success
    }
    else
    {
        exit 12345
    }
    

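    I want to be able to check whether there has been at least one success (return code 0) in the past 24 hours (the script will return 12345, which is greater than 0).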

    In another script, I have the following code:

    
    $events = @(
         Get-WinEvent  -FilterXml @'
         <QueryList>
          <Query Id="0" Path="Microsoft-Windows-TaskScheduler/Operational">
           <Select Path="Microsoft-Windows-TaskScheduler/Operational">
            *[EventData/Data[@Name='taskname']='\My Test']
           </Select>
          </Query>
         </QueryList>
    '@  -ErrorAction Stop
    )
    
    
    $events | Where-Object {$_.ID -eq 102} | Select-Object *
    
    

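    This shows me the history of the task runs, but I can't work out from here how to get the run result.

    I can interrogate a single history item as follows: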

    $a = $events | Where-Object {$_.ID -eq 102} | Select-Object *
    $a[0] | Get-Member
    

    which returns

    Name                 MemberType   Definition                                                                                                                                         
    ----                 ----------   ----------                                                                                                                                         
    Equals               Method       bool Equals(System.Object obj)                                                                                                                     
    GetHashCode          Method       int GetHashCode()                                                                                                                                  
    GetType              Method       type GetType()                                                                                                                                     
    ToString             Method       string ToString()                                                                                                                                  
    ActivityId           NoteProperty guid ActivityId=d6ac8489-c0e1-4dbd-b06e-7ecefaf1c20c                                                                                               
    Bookmark             NoteProperty EventBookmark Bookmark=System.Diagnostics.Eventing.Reader.EventBookmark                                                                            
    ContainerLog         NoteProperty string ContainerLog=Microsoft-Windows-TaskScheduler/Operational                                                                                    
    Id                   NoteProperty int Id=102                                                                                                                                         
    Keywords             NoteProperty long Keywords=-9223372036854775807                                                                                                                 
    KeywordsDisplayNames NoteProperty ReadOnlyCollection[string] KeywordsDisplayNames=System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]                                 
    Level                NoteProperty byte Level=4                                                                                                                                       
    LevelDisplayName     NoteProperty string LevelDisplayName=Information                                                                                                                
    LogName              NoteProperty string LogName=Microsoft-Windows-TaskScheduler/Operational                                                                                         
    MachineName          NoteProperty string MachineName=MyPC.mydomain                                                                                                           
    MatchedQueryIds      NoteProperty uint32[] MatchedQueryIds=System.UInt32[]                                                                                                           
    Message              NoteProperty string Message=Task Scheduler successfully finished "{d6ac8489-c0e1-4dbd-b06e-7ecefaf1c20c}" instance of the "\My Test" task for user "MyD..."
    Opcode               NoteProperty int16 Opcode=2                                                                                                                                     
    OpcodeDisplayName    NoteProperty string OpcodeDisplayName=Stop                                                                                                                      
    ProcessId            NoteProperty int ProcessId=2544                                                                                                                                 
    Properties           NoteProperty List[EventProperty] Properties=System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]                                 
    ProviderId           NoteProperty guid ProviderId=de7b24ea-73c8-4a09-985d-5bdadcfa9017                                                                                               
    ProviderName         NoteProperty string ProviderName=Microsoft-Windows-TaskScheduler                                                                                                
    Qualifiers           NoteProperty object Qualifiers=null                                                                                                                             
    RecordId             NoteProperty long RecordId=21093                                                                                                                                
    RelatedActivityId    NoteProperty object RelatedActivityId=null                                                                                                                      
    Task                 NoteProperty int Task=102                                                                                                                                       
    TaskDisplayName      NoteProperty string TaskDisplayName=Task completed                                                                                                              
    ThreadId             NoteProperty int ThreadId=14152                                                                                                                                 
    TimeCreated          NoteProperty datetime TimeCreated=16/11/2020 13:26:20                                                                                                           
    UserId               NoteProperty SecurityIdentifier UserId=S-1-5-18                                                                                                                 
    Version              NoteProperty byte Version=0
    

    However, I can't find the information I need in any of the properties. I would expect it to be stored somewhere in hex format (0x3039).

        1
  •  0
  •   Rob    4 years ago

    Have you tried looking for the output code in the event's XML output?

    foreach ($e in $events){
        [xml]$eXmls = $e.ToXml()
        $eXmls.event.EventData
    }
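
Added example (not code from the thread or from either answerer): following the suggestion above to look in the event XML, this reads the `ResultCode` field that Task Scheduler logs with event 201 (action completed), which is where an exit code such as 12345 (0x3039) appears, and checks for at least one success inside a time window. The function names and the sample event are constructed for illustration.

```powershell
# Added example, not code from the thread. Function names are illustrative.
function ConvertFrom-TaskActionEvent {
    # Reads ResultCode from the XML of event 201 ("action completed").
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $data = @{}
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        if (-not $data.ContainsKey('ResultCode')) { return }  # skip events without the field
        $code = [uint32]$data['ResultCode']                    # logged as decimal text
        [pscustomobject]@{
            TaskName   = $data['TaskName']
            ResultCode = $code
            ResultHex  = '0x{0:X}' -f $code
            Succeeded  = ($code -eq 0)
        }
    }
}

function Test-TaskSucceededRecently {
    # True if at least one action of the task exited with 0 in the last $Hours hours.
    param([Parameter(Mandatory)][string]$TaskName, [int]$Hours = 24)
    if ($TaskName -match "'") { throw 'Task name must not contain a single quote.' }
    $log   = 'Microsoft-Windows-TaskScheduler/Operational'
    $ms    = $Hours * 3600 * 1000
    $xpath = "*[System[EventID=201 and TimeCreated[timediff(@SystemTime) <= $ms]]]" +
             " and *[EventData[Data[@Name='TaskName']='$TaskName']]"
    $runs = Get-WinEvent -LogName $log -FilterXPath $xpath -ErrorAction SilentlyContinue |
        ForEach-Object { $_.ToXml() } | ConvertFrom-TaskActionEvent
    [bool]($runs | Where-Object Succeeded)
}

# Constructed sample of the XML that ToXml() returns for a run that exited with 12345.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>201</EventID></System>
  <EventData>
    <Data Name="TaskName">\My Test</Data>
    <Data Name="ActionName">powershell.exe</Data>
    <Data Name="ResultCode">12345</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-TaskActionEvent
```

`Test-TaskSucceededRecently -TaskName '\My Test'` queries the live log, so the Microsoft-Windows-TaskScheduler/Operational channel must be enabled for it to return anything.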
    
        2
  •  0
  •   postanote    4 years ago

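    You have what you need. You just need to expose it for viewing/capture, etc. The example below uses a pristine Windows Sandbox: configure the log, create a simple task, run it once, and get the results.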

    wevtutil set-log Microsoft-Windows-TaskScheduler/Operational /enabled:true
    wevtutil get-log Microsoft-Windows-TaskScheduler/Operational
    
    Get-WinEvent -ListLog * | 
    Where-Object -Property logname -match task
    # Results
    <#
    LogMode   MaximumSizeInBytes RecordCount LogName                                                                                                                                              
    -------   ------------------ ----------- -------                                                                                                                                              
    Circular            10485760          37 Microsoft-Windows-TaskScheduler/Operational                                                                                                          
    Circular             1052672           8 Microsoft-Windows-TaskScheduler/Maintenance                                                                                                          
    Circular             1052672           0 Microsoft-Windows-Shell-Core/LogonTasksChannel                                                                                                       
    Circular             1052672           0 Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational                                                                                
    Circular             1052672           0 Microsoft-Windows-BackgroundTaskInfrastructure/Operational   
    #>
    
    
    $XmlQuery = @'
         <QueryList>
          <Query Id="0" Path="Microsoft-Windows-TaskScheduler/Operational">
           <Select Path="Microsoft-Windows-TaskScheduler/Operational">
            *[EventData/Data[@Name='taskname']='\TestTask']
           </Select>
          </Query>
         </QueryList>
    '@
    
    Get-WinEvent -FilterXml $XmlQuery
    # Results
    <#
       ProviderName: Microsoft-Windows-TaskScheduler
    
    TimeCreated                      Id LevelDisplayName Message                                                                                                                                  
    -----------                      -- ---------------- -------                                                                                                                                  
    11/16/2020 2:52:16 PM           102 Information      Task Scheduler successfully finished "{ca247629-6342-4e3d-9848-af234f84ae0c}" instance of the "\TestTask" task for user "F2B00BB4-0260...
    11/16/2020 2:52:16 PM           201 Information      Task Scheduler successfully completed task "\TestTask" , instance "{ca247629-6342-4e3d-9848-af234f84ae0c}" , action "C:\Windows\System...
    11/16/2020 2:52:08 PM           110 Information      Task Scheduler launched "{ca247629-6342-4e3d-9848-af234f84ae0c}"  instance of task "\TestTask"  for user "WDAGUtilityAccount" .          
    11/16/2020 2:52:08 PM           200 Information      Task Scheduler launched action "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE" in instance "{ca247629-6342-4e3d-9848-af234...
    11/16/2020 2:52:08 PM           100 Information      Task Scheduler started "{ca247629-6342-4e3d-9848-af234f84ae0c}" instance of the "\TestTask" task for user "F2B00BB4-0260-4\WDAGUtility...
    11/16/2020 2:52:08 PM           129 Information      Task Scheduler launch task "\TestTask" , instance "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE"  with process ID 5520.     
    11/16/2020 2:52:04 PM           106 Information      User "F2B00BB4-0260-4\WDAGUtilityAccount"  registered Task Scheduler task "\TestTask
    #>
    
    ($events = @(
         Get-WinEvent -FilterXml $XmlQuery -ErrorAction Stop
    )) | 
    Where-Object {$PSItem.ID -eq 106} | 
    Select-Object -Property '*' -First 1 | 
    Format-List -Force
    <#
    Message              : User "F2B00BB4-0260-4\WDAGUtilityAccount"  registered Task Scheduler task "\TestTask"
    Id                   : 106
    Version              : 0
    Qualifiers           : 
    Level                : 4
    Task                 : 106
    Opcode               : 0
    Keywords             : -9223372036854775808
    RecordId             : 1
    ProviderName         : Microsoft-Windows-TaskScheduler
    ProviderId           : de7b24ea-73c8-4a09-985d-5bdadcfa9017
    LogName              : Microsoft-Windows-TaskScheduler/Operational
    ProcessId            : 960
    ThreadId             : 1440
    MachineName          : f2b00bb4-0260-425b-b5d3-7b0331e05b80
    UserId               : S-1-5-18
    TimeCreated          : 11/16/2020 2:52:04 PM
    ActivityId           : 
    RelatedActivityId    : 
    ContainerLog         : Microsoft-Windows-TaskScheduler/Operational
    MatchedQueryIds      : {}
    Bookmark             : System.Diagnostics.Eventing.Reader.EventBookmark
    LevelDisplayName     : Information
    OpcodeDisplayName    : Info
    TaskDisplayName      : Task registered
    KeywordsDisplayNames : {}
    Properties           : {System.Diagnostics.Eventing.Reader.EventProperty, System.Diagnostics.Eventing.Reader.EventProperty}
    #>
    
    
    
    (($events = @(
         Get-WinEvent -FilterXml $XmlQuery -ErrorAction Stop
    )) | 
    Where-Object {$PSItem.ID -eq 106} | 
    Select-Object -Property '*' -First 1).Message
    # Results
    <#
    User "F2B00BB4-0260-4\WDAGUtilityAccount"  registered Task Scheduler task "\TestTask"
    #>
    
    
    
    (($events = @(
         Get-WinEvent -FilterXml $XmlQuery -ErrorAction Stop
    )) | 
    Where-Object {$PSItem.ID -eq 106} | 
    Select-Object -Property '*' -First 1).Opcode
    # Results
    <#
    0
    #>
    
    # Code Reference
    <#
    Op Codes    Description
    ________    ____________
    0 or 0x0    The operation completed successfully.
    1 or 0x1    Incorrect function called or unknown function called.
    2 or 0x2    File not found.
    10 or 0xa   The environment is incorrect.
    0x41300     Task is ready to run at its next scheduled time.
    0x41301     Task is currently running.
    0x41302     Task is disabled.
    0x41303     Task has not yet run.
    0x41304     There are no more runs scheduled for this task.
    0x41306     Task is terminated.
    0x8004131F  An instance of this task is already running.
    0x800704DD  The service is not available (is ‘Run only when a user is logged on’ checked?)
    0xC000013A  The application terminated as a result of a CTRL+C.
    0xC06D007E  Unknown software exception.
    #>