Powershell script execution (via GELF UDP input)


I need to create a stream (and a related alert) for when eventvwr writes the startup/shutdown of a PowerShell script execution to the PowerShell registry.

The EventIDs are 400 and 403 (600 is another ID, but I don't want to consider it).
Obviously the script starts with event 400 and closes after some time with event 403.

Hello && Welcome @monsterspecial

Happy to help with technical questions. What does your environment look like? What have you tried? Where are you stuck?

Check out the below post to help provide some relevant information so we can help you…

1 Like

My problem is to notify when a PowerShell script is started (and stopped) on a Windows Server.
In the Windows PowerShell registry (in eventvwr) I can stream one event or the other, but not the pair (in the full_message field there is a value indicated as "RunspaceID").

I generally understand the problem you are facing… the community is a place where we can answer questions when you are stuck or want to know more.

Here is documentation on how to create a stream

You can apply pipelines to pull out your data

I am not sure exactly what you want for an answer…
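
The pairing asked about in this thread, as an added example that is not part of any post: Python that groups event 400 and 403 messages by the RunspaceId found in `full_message` and reports runspaces that started but never logged a stop. The field names `EventID` and `timestamp` and the sample messages are assumptions constructed for illustration; Windows PowerShell engine events carry the value as `RunspaceId=<GUID>` in the message details.

```python
import re
from datetime import datetime

# The engine events list "RunspaceId=<GUID>" in their details section.
RUNSPACE_RE = re.compile(r"RunspaceId\s*=\s*([0-9a-fA-F-]{36})")
START_ID, STOP_ID = 400, 403

def pair_sessions(messages):
    """Pair 400 (start) and 403 (stop) events that share a RunspaceId.

    Returns (sessions, unmatched). sessions holds one dict per completed
    start/stop pair; unmatched maps RunspaceId -> start time for runspaces
    with no stop event yet. A stop without a known start is ignored.
    """
    open_starts, sessions = {}, []
    for msg in sorted(messages, key=lambda m: m["timestamp"]):
        event_id = int(msg["EventID"])  # assumed field name
        if event_id not in (START_ID, STOP_ID):
            continue  # e.g. 600, which the thread excludes
        match = RUNSPACE_RE.search(msg.get("full_message", ""))
        if not match:
            continue
        rid = match.group(1).lower()
        ts = datetime.fromisoformat(msg["timestamp"])
        if event_id == START_ID:
            open_starts[rid] = ts
        elif rid in open_starts:
            start = open_starts.pop(rid)
            sessions.append({"runspace_id": rid, "start": start, "stop": ts,
                             "seconds": (ts - start).total_seconds()})
    return sessions, open_starts

# Constructed sample messages (not taken from a real host).
def _msg(ts, event_id, rid):
    return {"timestamp": ts, "EventID": event_id,
            "full_message": f"Details:\n\tHostName=ConsoleHost\n\tRunspaceId={rid}\n"}

A = "11111111-2222-3333-4444-555555555555"
B = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE = [
    _msg("2024-01-01T10:00:00", 400, A),
    _msg("2024-01-01T10:00:05", 400, B),  # never stops in this sample
    _msg("2024-01-01T10:00:02", 600, A),  # ignored event ID
    _msg("2024-01-01T10:01:30", 403, A),
]

if __name__ == "__main__":
    done, running = pair_sessions(SAMPLE)
    for s in done:
        print(s["runspace_id"], s["seconds"])
    print("still open:", list(running))
```

Inside Graylog itself, the same key would first have to be extracted from `full_message` into its own field before the two event IDs can be grouped on it.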


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.