-1

I am trying to import / read Windows server event logs to a text file, using a wevtutil command. I use the following command to write my logs to file.txt:

$ wevtutil qe Application /rd:true /f:text

(reads application logs) and the sample output of my command is:

Event[1]:
  Log Name: Application
  Source: Microsoft-Windows-Security-SPP
  Date: 2016-03-29T13:02:27.000
  Event ID: 8196
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: WIN-IONOGQTF9O5
  Description: License Activation Scheduler (sppuinotify.dll)

Event[2]:
  Log Name: Application
  Source: Microsoft-Windows
  Date: 2016-06-29T13:02:57.000
  Event ID: 3444
  Task: N/A
  Level: Critical
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: WIN-IONOGDFFF9O5
  Description: AIRO.Activation code(sppuinotify.dll)

(Actually, two sample logs.) But I want to write each log as a single line to a .txt file, rather than the above multi-line output for a single log. Is there a wevtutil command utility to write a log to a single line, like below:

Event[1]:Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A  User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll)
Event[2]:Log Name: Application Source: Microsoft-Windows Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A  User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll)

Thanks!

kahsay.k
  • If you use the built-in commands like `get-eventlog` instead of the utility, you can format the output however you want – Paul Apr 13 '16 at 10:48
  • @Paul: Thank you for your reply, but the output from get_eventlog and wevtutil are totally different! – kahsay.k Apr 13 '16 at 11:36
  • The events that get-eventlog puts out have pretty much all the information contained in your sample output from wevtutil... you just have to put the data together how you want it and save it to a file – Paul Apr 13 '16 at 11:58

1 Answer

0
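$logname = "Application"
$events = Get-EventLog -LogName $logname

$arr = @()
$counter = 1

# $event is an automatic variable in PowerShell, so the loop uses $entry instead
foreach ($entry in $events) {
    # One line per event; the trailing "..." stands for the remaining fields
    $arr += "Event[$counter]:Log Name: $logname Source: $($entry.Source) Date: $($entry.TimeWritten) Event ID: $($entry.EventID) Task: $($entry.Category) Level: $($entry.EntryType) ..."
    $counter++
}

# Write all lines to the output file
$arr | Out-File events.txt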

If you need to have Opcode, Keyword, etc., use Get-WinEvent instead of Get-EventLog.

Paul
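The Get-WinEvent route mentioned in the answer, as an added example (not code from the original answer): it writes one line per event in the layout the question asks for and collapses line breaks inside the message, so a multi-line or attacker-influenced description cannot split an event across lines in a line-based log collector. The output file name `events.txt`, the `-MaxEvents 100` limit and the helper name `Format-Field` are assumptions.

```powershell
$logName = 'Application'
$outFile = 'events.txt'      # assumed output path

# Hypothetical helper: empty display fields are written as N/A, as wevtutil does.
function Format-Field([string]$Value) {
    if ([string]::IsNullOrWhiteSpace($Value)) { 'N/A' } else { $Value.Trim() }
}

$counter = 0
# Get-WinEvent returns newest events first, like wevtutil /rd:true.
$lines = foreach ($record in Get-WinEvent -LogName $logName -MaxEvents 100) {
    $counter++

    # Message may contain CR/LF and tabs; collapse every whitespace run to one
    # space so that one event is always exactly one line in the output file.
    $description = $record.Message -replace '\s+', ' '

    $fields = [ordered]@{
        'Log Name'    = $record.LogName
        'Source'      = $record.ProviderName
        'Date'        = '{0:yyyy-MM-ddTHH:mm:ss.fff}' -f $record.TimeCreated
        'Event ID'    = $record.Id
        'Task'        = $record.TaskDisplayName
        'Level'       = $record.LevelDisplayName
        'Opcode'      = $record.OpcodeDisplayName
        'Keyword'     = $record.KeywordsDisplayNames -join ','
        'User'        = $record.UserId          # SID; empty for many classic events
        'Computer'    = $record.MachineName
        'Description' = $description
    }

    # Join "Name: value" pairs with single spaces behind the Event[n]: prefix.
    $body = ($fields.GetEnumerator() |
        ForEach-Object { "$($_.Key): $(Format-Field $_.Value)" }) -join ' '
    "Event[$counter]:$body"
}

$lines | Out-File -FilePath $outFile -Encoding utf8
```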