VBS Export events into xml spreadsheet

EE, thanks for reading

I have AppLocker in audit mode spitting out event ID 8002 8003 8005 and 8006 to a 2k8 collector and looking to export this into an Excel spreadsheet.

First, I saved the collector events to my desktop c:\Events.evtx where I have xml installed and just need the data from these two events that I can sort out for our IA team to determine whether or not to make exceptions for that software.

This would be a huge help if anybody can assist.

Thanks again in advance

-k
snyderkv Asked:

Dan McFadden (Systems Engineer) Commented:
This can be accomplished in a single script in PowerShell.  Is that an option for you?

Dan
Dan McFadden (Systems Engineer) Commented:
Do you have any specific fields in the Event Log message that you want to ship to the DEVs?

For example, field names:  Data, Message, MachineName, TimeGenerated, ...

Dan
snyderkv (Author) Commented:
Oh I didn't know that. I was able to Save As and export as CSV which imports into Excel, but I may need to get more granular like "machine name" and the Data under the General Tab.
Dan McFadden (Systems Engineer) Commented:
Here is a straightforward PowerShell script.

# Fill in these three values before running
$ComputerName = "<YourServerName>"
$EventLogName = "<TheNameOfTheEventLog>"
$EventSource = "<TheEventSource>"

$OutputFile = "event-log-export.csv"
$Output = @()

# Take the newest 100 entries from the log, then keep only the AppLocker event IDs
$Events = Get-EventLog -ComputerName $ComputerName -LogName $EventLogName -Source $EventSource -Newest 100 -AsBaseObject | where {($_.EventID -eq 8002) -OR ($_.EventID -eq 8003) -OR ($_.EventID -eq 8005) -OR ($_.EventID -eq 8006)}

# Build one object per event with the fields to export
foreach ($e in $Events)
{
    $einfo = New-Object PSObject
    $einfo | Add-Member -MemberType NoteProperty -Name "Time-Generated" -Value $e.TimeGenerated
    $einfo | Add-Member -MemberType NoteProperty -Name "Computer-Name" -Value $e.MachineName
    $einfo | Add-Member -MemberType NoteProperty -Name "EventID" -Value $e.EventID
    $einfo | Add-Member -MemberType NoteProperty -Name "Entry-Type" -Value $e.EntryType
    $einfo | Add-Member -MemberType NoteProperty -Name "EventLog-Message" -Value $e.Message
    $Output += $einfo
}

# Write the CSV using the list separator of the current culture
$Output | Export-Csv $OutputFile -NoTypeInformation -UseCulture


Update the first 3 variables with the appropriate info.  Then run it.  It will generate a CSV file which contains your info.

Dan
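
An alternative for the saved file from the question, as an added example that is not part of Dan's answer: Get-WinEvent reads C:\Events.evtx directly and turns each event's XML payload (the data shown under the General tab) into CSV columns. It assumes PowerShell 3.0 or later; the output file name and variable names are hypothetical.

```powershell
# Added example, not from the original thread.
$EvtxPath   = 'C:\Events.evtx'                 # saved log path from the question
$OutputFile = 'applocker-audit-export.csv'     # hypothetical output name

# AppLocker event IDs named in the question
$Filter = @{ Path = $EvtxPath; Id = 8002, 8003, 8005, 8006 }

$Rows = foreach ($Record in Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop) {
    $Xml = [xml]$Record.ToXml()

    $Row = [ordered]@{
        TimeCreated = $Record.TimeCreated
        Computer    = $Record.MachineName      # originating machine for forwarded events
        EventID     = $Record.Id
        Level       = $Record.Level
    }

    # Payload fields sit under UserData/<wrapper>/* or EventData/*.
    # local-name() is used so no XML namespace manager is needed.
    $Fields = $Xml.SelectNodes(
        "//*[local-name()='UserData']/*/* | //*[local-name()='EventData']/*")

    foreach ($Field in $Fields) {
        $Name = if ($Field.HasAttribute('Name')) { $Field.GetAttribute('Name') }
                else { $Field.LocalName }
        $Value = $Field.InnerText

        # File names and paths are not trusted input: stop Excel from
        # evaluating a value as a formula when the CSV is opened.
        if ($Value -match '^[=+\-@]') { $Value = "'" + $Value }

        $Row[$Name] = $Value
    }

    [pscustomobject]$Row
}

# Export-Csv takes its columns from the first object only, so build the
# union of all field names to keep fields that appear only in later events.
$Columns = $Rows | ForEach-Object { $_.PSObject.Properties.Name } | Select-Object -Unique

$Rows | Select-Object -Property $Columns |
    Export-Csv -Path $OutputFile -NoTypeInformation -UseCulture
```

The column names come from whatever elements the events contain, so no AppLocker field names are hard-coded here.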

snyderkv (Author) Commented:
You the man, thanks