I'm trying to filter this query by date (get values after $time). I am not doing this with the -Filter parameter because I am getting an error on Windows Server 2003 SP2.
$colLogFiles = Get-WmiObject -Class Win32_NTLogEvent -ComputerName "localhost" | Where-Object {($_.EventType -eq "1") -or (($_.EventType -eq "2") -and ($_.TimeGenerated -gt $time))}
But that last condition is not doing anything, and I think it is because the datetime format is not being recognized. An example of $_.TimeGenerated is 20181213144843.186997-000
Is there any way to do this or change that datetime format?
I solved it by doing it in Python with the win32com library, and then I added a filter with this date format!
from datetime import datetime, timedelta
time = datetime.today() + timedelta(hours=5, minutes=-10)
timeFormatted = time.strftime("%Y%m%d%H%M%S.000000-000")
The system WMI format is GMT 0, but my PC is GMT -5; that is why I am adding 5 hours.
Query:
query = "Select * from Win32_NTLogEvent where (EventType = 1 or EventType = 2) and TimeGenerated >= " + "\"" + timeFormatted + "\""
2003 is so limiting!
Thanks all
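The timestamp handling from the post, as an added example that is not the poster's code: it parses the WMI (CIM_DATETIME) string shown above, whose last three digits are the UTC offset in minutes, and builds the same query from a timezone-aware cutoff, so the 5-hour shift does not have to be hardcoded. The function names are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# CIM_DATETIME layout: yyyymmddHHMMSS.mmmmmm, then a sign and the UTC offset in minutes.
_DMTF = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")


def dmtf_to_datetime(value):
    """Parse a WMI timestamp such as 20181213144843.186997-000 into an aware datetime."""
    match = _DMTF.match(value)
    if match is None:
        raise ValueError("not a CIM_DATETIME timestamp: %r" % (value,))
    stamp, micros, sign, offset = match.groups()
    minutes = int(offset) if sign == "+" else -int(offset)
    naive = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(microsecond=int(micros))
    return naive.replace(tzinfo=timezone(timedelta(minutes=minutes)))


def datetime_to_dmtf(moment):
    """Format an aware datetime as a UTC CIM_DATETIME string with offset 000."""
    if moment.tzinfo is None:
        raise ValueError("pass an aware datetime so the UTC conversion is unambiguous")
    utc = moment.astimezone(timezone.utc)
    # "-000" mirrors the offset suffix seen in the TimeGenerated sample from the post.
    return utc.strftime("%Y%m%d%H%M%S.%f") + "-000"


def recent_cutoff(minutes=10, now=None):
    """Return the aware UTC moment `minutes` ago (`now` is injectable for testing)."""
    now = now or datetime.now(timezone.utc)
    return now - timedelta(minutes=minutes)


def build_query(cutoff):
    """Build the WQL from the post: error/warning events at or after `cutoff`."""
    return ('Select * from Win32_NTLogEvent where (EventType = 1 or EventType = 2) '
            'and TimeGenerated >= "%s"' % datetime_to_dmtf(cutoff))


if __name__ == "__main__":
    # Constructed demonstration: events from the last 10 minutes.
    print(build_query(recent_cutoff(10)))
    print(dmtf_to_datetime("20181213144843.186997-000").isoformat())
```

The resulting string can be passed to the WMI query call in place of the hand-built `query` above; the cutoff is computed in UTC regardless of the local time zone of the machine running the script.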