get-wmiobject to pull logs using Win32_NTLogEvent

倖福魔咒の posted on 2020-01-05 04:56:17

Question


I have to use get-wmiobject to pull logs off of a remote server. WinEvent doesn't work with 2003 servers and I'm getting blocked using eventlog. When I run the following command in PowerShell it works just fine, but when I send the output to a file I get completely different results and I'm not sure why?

Get-WmiObject -computername $server -query "SELECT * FROM Win32_NTLogEvent WHERE (logfile='system') AND (EventCode='19') AND (TimeWritten>'$begindate')"

The output in PowerShell:

Category         : 8
CategoryString   : Installation
EventCode        : 19
EventIdentifier  : 19
TypeEvent        :
InsertionStrings : {Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)}
LogFile          : System
Message          : Installation Successful: Windows successfully installed the following update: Update for Microsoft .
                   NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)

The output of the same command made into a variable and moved ($x > file.txt) is completely different.

servername\root\cimv2:Win32_NTLogEvent.Logfile="System",RecordNumber=89477

Any ideas?

Edit:

foreach($server in $servers) {
 $day = (Get-Date -UFormat %d)
 # %M is the minute of the hour, so $hour actually holds minutes
 $hour = (Get-Date -UFormat %M)
 if ( $hour -lt "30") {
  $BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-30))
  $log = (Get-WmiObject -computername $server -query "SELECT * FROM Win32_NTLogEvent WHERE (logfile='system') AND (EventCode='19') AND (TimeWritten>'$begindate')")
 }
 $FullLog += $server + '= [{ 
        "logfile":"' + $log + '"
        }]' + "`r`n"
}
Clear-Content UpdateLog.js
$FullLog > UpdateLog.js

Answer 1:


So the answer was that the variable that contained the log information couldn't be combined with other strings in another variable.

$FullLog += $server + $log   # would not work
$FullLog += $log             # would work

Solution? I broke up the information:

foreach($server in $servers) {
 $BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-30))
 $mylog = Get-WmiObject Win32_NTLogEvent -filter "(logfile='system') AND (EventCode='19') AND (TimeWritten>'$BeginDate')" -computername $server
 $First = $server + '= [{ 
        "SuccessUpdate":"'
 $Last = '"}]'      

 $First >> UpdateLog.js
 $mylog >> UpdateLog.js
 $Last >> UpdateLog.js
 write-host $server "logs are uploaded."
}
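
A way to avoid the string-concatenation problem altogether, shown as an added example that is not part of the original question or answer: read the event properties by name and let ConvertTo-Json do the serialization. It assumes Windows PowerShell 3.0 or later on the collecting host; Convert-UpdateEvent, the UpdateLog.json file name, the empty $servers list and the sample event are hypothetical.

```powershell
# Added example. Convert-UpdateEvent, $servers and the sample event are hypothetical.
function Convert-UpdateEvent {
    param([Parameter(ValueFromPipeline = $true)] $LogEvent)
    process {
        # Read named properties. "text" + $LogEvent would call ToString(), which for a
        # WMI object returns only its path (...Win32_NTLogEvent.Logfile="System",RecordNumber=...).
        $written = [System.Management.ManagementDateTimeConverter]::ToDateTime($LogEvent.TimeWritten)
        [pscustomobject]@{
            Computer    = $LogEvent.ComputerName
            EventCode   = [int]$LogEvent.EventCode
            TimeWritten = $written.ToString('s')   # local time of the collecting host
            Update      = @($LogEvent.InsertionStrings)[0]
            Message     = $LogEvent.Message
        }
    }
}

# Constructed sample shaped like a Win32_NTLogEvent instance, so the script runs offline.
$title  = 'Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)'
$sample = [pscustomobject]@{
    ComputerName     = 'SERVER01'
    EventCode        = 19
    TimeWritten      = '20130809120000.000000+000'   # DMTF datetime, as WMI returns it
    InsertionStrings = @($title)
    Message          = 'Installation Successful: Windows successfully installed the following update: ' + $title
}

$servers = @()   # placeholder: add host names here; empty keeps the example offline
$begin   = [System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((Get-Date).AddDays(-30))
$events  = @($sample)
foreach ($server in $servers) {
    try {
        # Same filter as on the page; -ErrorAction Stop lets an unreachable host be caught below.
        $events += @(Get-WmiObject Win32_NTLogEvent -ComputerName $server -ErrorAction Stop `
            -Filter "(logfile='system') AND (EventCode='19') AND (TimeWritten>'$begin')")
    } catch {
        Write-Warning "${server}: $($_.Exception.Message)"
    }
}

# Passing the array through -InputObject keeps a single event as a JSON array.
$report = @($events | Convert-UpdateEvent)
ConvertTo-Json -InputObject $report | Set-Content -Path UpdateLog.json -Encoding UTF8
```

Because the serializer escapes quotes and line breaks inside Message, the output file stays valid JSON even when an update title contains them.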


Source: https://stackoverflow.com/questions/18157169/get-wmiobject-to-pull-logs-using-win32-ntlogevent
