尝试使用wevtutil命令将Windows服务器事件日志导入/读取到文本文件。我使用以下命令将我的日志写入file.txt:
$
wevtutil qe Application \rd:true \f:text(读取应用程序日志) 和我的命令的示例输出是:
Event[1]:
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 2016-03-29T13:02:27.000
Event ID: 8196
Task: N/A
Level: Information
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: WIN-IONOGQTF9O5
Description: License Activation Scheduler (sppuinotify.dll)
Event[2]:
Log Name: Application
Source: Microsoft-Windows
Date: 2016-06-29T13:02:57.000
Event ID: 3444
Task: N/A
Level: Critical
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: WIN-IONOGDFFF9O5
Description: AIRO.Activation code(sppuinotify.dll)
(实际上,两个样本日志)。 但是,我想将我的日志作为单行写入.txt文件,而不是单个日志的上述多行输出。是否有wevtutil command实用程序将日志写入单行,如下所示:
Event[1]:Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll)
Event[2]:Log Name: Application Source: Microsoft-Windows Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll)
谢谢!
答案 0 :(得分:0)
$logname = "Application"
$events = Get-EventLog -LogName $logname
$arr = @()
$counter = 1
foreach($event in $events){
$arr += "Event[$counter]:Log Name: $logname Source: $($event.Source) Date: $($event.TimeWritten) Event ID: $($event.EventID) Task: $($event.Category) Level: $($event.EntryType) ..."
$counter++
}
$arr | out-file events.txt
如果您需要使用操作码,关键字等,请使用Get-Winevent代替Get-Eventlog