# Event Log Readers

* **Pesquisando logs de segurança usando o wevtutil**

```ps
wevtutil qe Security /rd:true /f:text | Select-String "/user"
```

* **Passando credenciais para wevtutil**

```powershell
wevtutil qe Security /rd:true /f:text /r:share01 /u:julie.clay /p:Welcome1 | findstr "/user"
```

* **Pesquisando logs de segurança usando Get-WinEvent**

```ps
Get-WinEvent -LogName security | where { $_.ID -eq 4688 -and $_.Properties[8].Value -like '*/user*'} | Select-Object @{name='CommandLine';expression={ $_.Properties[8].Value }}
```