-2

I'm new here and i have a question. I'm trying to get the original event logs (Application, System, Security) from Windows and export them to a text or CSV file.

Quite easy, you'd think, but with PowerShell I can't get it right.

If I go to the Windows Event Log screen and select save as..:

1

Next i choose save as .txt. If i open that file, it looks like this:

2

This is exactly what i'm trying to do with powershell, but i can't get it right. Even with my best friend google.nl it is still a problem. Can somebody help me with this??

Mathias R. Jessen
  • 157,619
  • 12
  • 148
  • 206
rodenr01
  • 11
  • 1
  • 2
  • 2
    Could you share an excerpt of the code that you've tried so far in the body of the question? It will help SO members better assist. – Andrew Ryan Davis Oct 08 '20 at 16:45
  • 2
    We can't explain why your efforts in Powershell don't work, because you didn't include your code. Please do so in the form of a [mre] that can be copied, pasted and run. You'll find your experiences here will be much better if you spend some time taking the [tour] and reading the [help] pages to learn how the site works before you begin posting. – Ken White Oct 08 '20 at 16:49
  • This is the code i use in powershell: $File = "C:\users\remco\Security.txt"; Get-Eventlog Security | Format-Table -autosize | Out-File $File There is text missing in the message collum. it's not complete – rodenr01 Oct 08 '20 at 17:15

2 Answers2

1

From the info you provided, I think you're asking for the Export-Csv cmdlet

# Set the destination filepath
$appLogsCsvPath = "C:\temp\appLogs.csv"
# grab the first 100 events in the application log
$first100Events = Get-EventLog -LogName Application | 
    Select-Object -First 100

# Export the events to a csv at the previously defined path
# When converting or exporting csv items in PowerShell
# I recommend always including the -NoTypeInformation switch,
# without it, it adds information to the csv that more often than not, messes it up.
$first100Events | 
    Export-Csv -Path $appLogsCsvPath -NoTypeInformation -UseCulture

# Opens the csv
ii $appLogsCsvPath

More golfed version

Get-EventLog -LogName Application | Select -First 100 | Export-Csv "C:\temp\appLogs.csv" -NoTypeInformation -UseCulture

Edit: Added the -UseCulture switch to Export-Csv to account for locale settings

PowerShellGuy
  • 733
  • 2
  • 8
  • tekst file or csv file, It make no sense for me. It should be clear and uncluttered, like the text file above. With all respect, but if i try it your way: Get-EventLog -LogName Application | Select -First 100 | Export-Csv "C:\temp\appLogs.csv" -NoTypeInformation It seems like a mass in excel. Or maybe i do something wrong – rodenr01 Oct 08 '20 at 17:40
  • 1
    That's an excel thing, and how it behaves when opening .csv files. Just expand the width of the columns by double clicking the column border. Each row is a separate event, each column is a property tied to that event. – PowerShellGuy Oct 08 '20 at 17:49
  • 1
    Just add switch `-UseCulture` to the Export-Csv command. Apparently the OP simply double-clicks the csv file and his/her locale setting makes Excel use a different separator character than the comma. UseCulture will fix that. – Theo Oct 09 '20 at 10:34
  • Good catch @Theo, didn't even think about the locale settings being an issue. – PowerShellGuy Oct 09 '20 at 13:43
  • I think you'd better update the answer and add this, because I'm not quite sure if the OP reads the comments... ;) – Theo Oct 09 '20 at 14:43
0

We get 3 event types : get all system , security and applications windows evnetlogs my using the follwing commands :

Get-EventLog -LogName security | Export-Csv "C:\temp\security-Logs.csv" -NoTypeInformation -UseCulture

and

Get-EventLog -LogName system | Export-Csv "C:\temp\system-Logs.csv" -NoTypeInformation -UseCulture

and

Get-EventLog -LogName Application | Export-Csv "C:\temp\Aplication-Logs.csv" -NoTypeInformation -UseCulture

check the CSV files that are generated in the mentioned Path for each line

Mohammed L T
  • 1
  • 1