I have a Custom View in the Event Viewer with a couple of Event id's. I know you can save those event id's in an .evtx file to open it. This proces has to be executed manually. Now is my question, how can I automate this? Through a PowerShell script perhaps or via a task in the Task Scheduler? I would like to execute this every friday of the week. I hope somebody can help me.
Asked
Active
Viewed 1,819 times
1 Answers
1
You will be best server saving the XML from the custom view filter, and using it to run a powershell script that queries the event viewer using the XML as filter.
There's a technet blogpost explaining how to do just that at: http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/14/use-custom-views-from-windows-event-viewer-in-powershell.aspx
Reaces
- 5,597
- 4
- 38
- 46
-
Thanks, that's exactly what I needed from the blogpost. But now I only have the output from the xml. How can I save this to a .txt or evtx file? – user3603657 May 07 '14 at 12:22
-
You could add a pipe with an export. Which means adding ' | out-file c:\temp\test.txt' for example. Edited because I mixed up out-csv and out-file for a moment :) However I would still recommend a csv instead of a txt for readability: ' | export-csv c:\temp\test.csv ' – Reaces May 07 '14 at 12:24
-
If I add the pipe it isn't readable anymore. I want exactly the text/output format of this command: `Get-WinEvent -FilterXml ([xml](Get-Content C:\LogFiles\test.xml))` – user3603657 May 07 '14 at 12:29
-
If you want a readable log of the events, export-csv seems to be your best bet. However if you're determined to store it in text files with the formatting of the powershell table, try | ft -wrap -autosize | out-file c:\temp\test.txt – Reaces May 07 '14 at 12:43
-
Ah yes, thanks that's what I meant. Thank you so much. But one question left, how can I separate the columns (TimeCreated, ProviderName, Id, Message) in a .csv file for example? – user3603657 May 07 '14 at 12:56