如何用powershell脚本查看用户的操作记录

本文以azure为例，为大家分析用powershell脚本查看用户的操作记录的方法。阅读完整文相信大家对powershell脚本的使用方法有了一定的认识。

下边来看下代码的内容，其实是很简单的

param (    [parameter(Mandatory = $false)]    [Int]$MaxRecords = 100000,    [parameter(Mandatory = $true)]    [string]$User    )function Write-DateTimeMessage {    param (        [parameter(Mandatory = $false)]        [switch]$Warning,        [parameter(Mandatory = $true)]        [string]$Message,        [parameter(Mandatory = $false)]        [string]$ForegroundColor            )            if ($Warning) {        Write-Warning ($(Get-Date -UFormat '%Y/%m/%d %H:%M:%S') + " * " + $Message)    }    else {        if ($ForegroundColor) {            Write-Host ($(Get-Date -UFormat '%Y/%m/%d %H:%M:%S') + " * " + $Message) -ForegroundColor $ForegroundColor        }        else {            Write-Host ($(Get-Date -UFormat '%Y/%m/%d %H:%M:%S') + " * " + $Message)        }    }    }                  [pscustomobject[]]$UserObjects = $null$Subscriptions = Get-AzureRmSubscriptionforeach ($subscription in $Subscriptions) {        " "    "Querying Subscription:"    $SubscriptionID = $Subscription.Id    $SubscriptionName = $Subscription.Name    Select-AzureRmSubscription -SubscriptionId $SubscriptionID -InformationAction SilentlyContinue        Write-DateTimeMessage -Message "Retrieving logs, please wait..."    $logs = Get-AzureRmLog -ResourceProvider Microsoft.Compute -StartTime (Get-Date).AddDays(-90) -Maxrecord $MaxRecords    foreach ($log in $logs) {        if ($log.caller -eq $User) {            $UserObject = New-Object -TypeName psobject            $UserObject | Add-Member -MemberType NoteProperty -Name SubscriptionName -Value $SubscriptionName            $UserObject | Add-Member -MemberType NoteProperty -Name SubscriptionID -Value $SubscriptionID            $UserObject | Add-Member -MemberType NoteProperty -Name ResourceGroup -Value $log.ResourceGroupName            $UserObject | Add-Member -MemberType NoteProperty -Name Caller -Value $log.caller            $UserObject | Add-Member -MemberType NoteProperty -Name Operation -Value $log.OperationName.Value            $UserObject | Add-Member -MemberType NoteProperty -Name ResourceId -Value $log.ResourceId            $UserObject | Add-Member -MemberType NoteProperty -Name Time -Value $log.EventTimestamp            $UserObjects += $UserObject        }    }}$OutputPath = Join-Path -Path ([Environment]::GetFolderPath("Desktop")) -ChildPath ("AzureUserAction-" + $(Get-Date -Format "yyyyMMdd-HHmmss") + ".csv")if ($null -ne $UserObjects) {        $UserObjects | Export-Csv -NoTypeInformation -LiteralPath $OutputPath    Write-DateTimeMessage -Message "Please check $OutputPath" -Warning}else {    Write-DateTimeMessage  "Didn't get information, please check" -warning    }

我们来尝试着运行一下脚本Get-AzureUserActionLog.ps1 -User "xxx@xxx.partner.onmschina.cn", -User的作用是我们可以根据这个参数筛选出来特定的用户

脚本执行完成后，可以在桌面上看到一个csv文件，里边会记录查询出来log

提醒一点，因为Azure后台的限制，这只能查询到最近90天之内的log。

看完这篇文章，你们学会用powershell脚本查看用户的操作记录了吗？如果还想学到更多技能或想了解更多相关内容，欢迎关注行业资讯频道，感谢各位的阅读。