I want to create a printer statistic and I have a simple but powerfull XML parser. So I want to export all Events from the printer log to the XML format.
The print server runs Win2008R2. When I want to export the filtered log to XML (I have filtered event ID 307) I've got only 300 events from almost 6000.
Could you help me? I have also tried powershell to export the log, but I'am not able to get the xml structure.
The windows utility wevtutil can do just what you're looking for. I was using it for archiving certain event-log entries into a database. The powershell based methods had several failure-modes that made iterating over a large number of events infeasible. This utility dumps the entire thing in one go, which makes offline parsing much, much faster.
wevtutil qe Security /r:DC01 /q:"*[System[((EventID=307))]]" > evtdump.xml
Specifically, the powershell methods pull events on a retail basis. As it iterates through the loop it's asking the target machine "give me the next event", which requires a lot of back-and-forth to the machine. The speed difference between the wevutil method and the powershell method was significant: it took over an hour to extract an event-log via powershell, but only 2 minutes via wevtutil.
Depends on your use-case though. If the logs you're parsing are not busy or not very large, the powershell method means you don't have to manage files as part of your script.
This should do the trick:
Get-WinEvent | ?{$_.id -eq 307} | Export-Clixml 307Events.xml
