Export entire Windows Log to XML

windows windows-server-2008 powershell windows-event-log
7,505

Solution 1

The windows utility wevtutil can do just what you're looking for. I was using it for archiving certain event-log entries into a database. The powershell based methods had several failure-modes that made iterating over a large number of events infeasible. This utility dumps the entire thing in one go, which makes offline parsing much, much faster.

wevtutil qe Security /r:DC01 /q:"*[System[((EventID=307))]]" > evtdump.xml

Specifically, the powershell methods pull events on a retail basis. As it iterates through the loop it's asking the target machine "give me the next event", which requires a lot of back-and-forth to the machine. The speed difference between the wevutil method and the powershell method was significant: it took over an hour to extract an event-log via powershell, but only 2 minutes via wevtutil.

Depends on your use-case though. If the logs you're parsing are not busy or not very large, the powershell method means you don't have to manage files as part of your script.

Solution 2

This should do the trick:

Get-WinEvent | ?{$_.id -eq 307} | Export-Clixml 307Events.xml
Share:
7,505

Related videos on Youtube

user1169051
Author by

user1169051

Updated on September 18, 2022

Comments

  • user1169051
    user1169051 over 1 year

    I want to create a printer statistic and I have a simple but powerfull XML parser. So I want to export all Events from the printer log to the XML format.

    The print server runs Win2008R2. When I want to export the filtered log to XML (I have filtered event ID 307) I've got only 300 events from almost 6000.

    Could you help me? I have also tried powershell to export the log, but I'am not able to get the xml structure.

  • user1169051
    user1169051 over 12 years
    but if i use this powershell script the xml file has not the windows event xml structure and so it is not easy to parse it

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to export all System event logs of a definite time period
Is it possible to upgrade PowerShell 3 on Windows Server 2008 SP2 to higher versions?
Task scheduler doesn't work unless I run it manually
How to Get user info from different domain
windows event log forwarding permission
What would cause so many EventID 4656 PlugPlayManager Security Audit Failures at one time?
Relocating event logs in Windows Server 2008 R2
How can I view login/logoff times for Windows Server 2008?
How to delete event source windows 2008
Free application or script to monitor App pool memory usage