Link to home
Start Free TrialLog in
Avatar of srsysdoc
srsysdoc

asked on

Powershell script to export EVents logs in human readable

Hi experts,

     I want a Power shell script to export event logs in below format. Please help somebody. I am very new to scripting.
AccountName	AccountDomain	Message			EventID	TimeCreated
John		Testserver	Workstation was locked	4800	10.30.2013 18:45

Open in new window

Avatar of Coralon
Coralon
Flag of United States of America image

The domain isn't easy to extract... I'm having to give that some thought.. but the basics are pretty easy..

get-eventlog -logname <name> | select-object -property UserName,Message,EventID,TimeGenerated

Open in new window


That gives you the basics.. doesn't include column headers.  If you need those, I can add more later.. :-)

Coralon
ASKER CERTIFIED SOLUTION
Avatar of Qlemo
Qlemo
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Actually, what I put up did exactly what he asked, other than the one column.  I had tested it before posting it just to be sure.  

He didn't ask for a specific event, or a specific timeline, or even a specific log.

Coralon
Coralon,

My comment makes more sense if seen in context of the other question I referred to (and the Asker posted in). But you should have seen that "UserName" doesn't make ANY sense in context of this question, as it is empty all the time. Also, EventID 4800 is well-known to be in the Security log.
Avatar of srsysdoc
srsysdoc

ASKER

Hi Coralon,

        Thanks for spending your valuable time on my question. Your script also working fine but it didn't show me the username.
It showed the username from the event itself -- the account that was running the item that triggered the event.    It is definitely a different thing then looking for the account in the text of the event :-)  I'm glad Qlemo was able to get you those details.

As a matter of course, please be specific at what you want, don't leave it to us to guess :-)  Some of us will guess wrong, lol.