1

EventViewer in Windows has the ability to export a log to a CSV file. I would like to automatically make a backup of that log in that format (as has been done manually in the past few years). It's a standalone system that will typically not have network connectivity, so log centralization tools probably won't work.

I noticed a wmic NTEVENT command, but can't seem to get it to export to CSV. Here's an example: NTEVENT WHERE "LogFile='application' AND TimeGenerated > '20100709173000.000000-300'"

Can I get that to output to a CSV file?

User1

3 Answers

3

Use psloglist from http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx

It does exactly what you are asking for.

jftuga
1

NTEVENT WHERE "LogFile='application' AND TimeGenerated > '20100709173000.000000-300'" get message,sourcename /format:csv

Notice the /format:csv part.

tony roth
0

Microsoft Log Parser does this and so much more. Multiple input sources, multiple output destinations, all using SQL-like queries. http://www.microsoft.com/downloads/details.aspx?familyid=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

Input Formats

IIS Log File Input Formats

IISW3C: parses IIS log files in the W3C Extended Log File Format.

IIS: parses IIS log files in the Microsoft IIS Log File Format.

BIN: parses IIS log files in the Centralized Binary Log File Format.

IISODBC: returns database records from the tables logged to by IIS when configured to log in the ODBC Log Format.

HTTPERR: parses HTTP error log files generated by Http.sys.

URLSCAN: parses log files generated by the URLScan IIS filter.

Generic Text File Input Formats

CSV: parses comma-separated values text files.

TSV: parses tab-separated and space-separated values text files.

XML: parses XML text files.

W3C: parses text files in the W3C Extended Log File Format.

NCSA: parses web server log files in the NCSA Common, Combined, and Extended Log File Formats.

TEXTLINE: returns lines from generic text files.

TEXTWORD: returns words from generic text files.

System Information Input Formats

EVT: returns events from the Windows Event Log and from Event Log backup files (.evt files).

FS: returns information on files and directories.

REG: returns information on registry values.

ADS: returns information on Active Directory objects.

Special-purpose Input Formats

NETMON: parses network capture files created by NetMon.

ETW: parses Enterprise Tracing for Windows trace log files and live sessions.

COM: provides an interface to Custom Input Format COM Plugins.

Output Formats

Generic Text File Output Formats

NAT: formats output records as readable tabulated columns.

CSV: formats output records as comma-separated values text.

TSV: formats output records as tab-separated or space-separated values text.

XML: formats output records as XML documents.

W3C: formats output records in the W3C Extended Log File Format.

TPL: formats output records following user-defined templates.

IIS: formats output records in the Microsoft IIS Log File Format.

Special-purpose Output Formats

SQL: uploads output records to a table in a SQL database.

SYSLOG: sends output records to a Syslog server.

DATAGRID: displays output records in a graphical user interface.

CHART: creates image files containing charts.

REW
  • If you use Office 2007, then you need to download "MS Office 2003 Web Components" in order to use LogParser. http://www.microsoft.com/downloads/details.aspx?familyid=7287252c-402e-4f72-97a5-e0fd290d4b76&displaylang=en – jftuga Jul 10 '10 at 01:47
  • Only for the CHART output I believe. – REW Jul 10 '10 at 02:21
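
A scripted version of the backup the question asks for, as an added example that is not from any of the posters above: it uses PowerShell's built-in Get-WinEvent rather than the tools named in the answers, exports only events newer than the previous run (the same idea as the TimeGenerated filter in the question), and records a SHA-256 of each CSV so a later change to a backup can be detected. The folder C:\LogBackup and the state and hash file names are assumptions; Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example: incremental CSV backup of a Windows event log.
# Assumed names (not from the page): C:\LogBackup, *-last-export.txt, SHA256SUMS.txt.
param(
    [string]$LogName   = 'Application',
    [string]$BackupDir = 'C:\LogBackup'
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# The state file holds the start time of the previous run, so each run
# exports only events created since then.
$stateFile = Join-Path $BackupDir "$LogName-last-export.txt"
$runStart  = Get-Date            # captured before the query so no event falls in a gap
$filter    = @{ LogName = $LogName }
if (Test-Path $stateFile) {
    # Round-trip ("o") timestamp written by the previous run.
    $filter.StartTime = [datetime](Get-Content $stateFile -TotalCount 1)
}

# Get-WinEvent reports an error when nothing matches; treat that as "no new events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Output "No new $LogName events since the last export."
    return
}

$csv = Join-Path $BackupDir ("{0}-{1:yyyyMMdd-HHmmss}.csv" -f $LogName, $runStart)
$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, MachineName, Message |
    Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8

# Record a SHA-256 of the export so later tampering or corruption is detectable.
$hash = Get-FileHash -Path $csv -Algorithm SHA256
"$($hash.Hash)  $(Split-Path $csv -Leaf)" |
    Add-Content -Path (Join-Path $BackupDir 'SHA256SUMS.txt')

# Advance the checkpoint only after the CSV and its hash are on disk.
$runStart.ToString('o') | Set-Content -Path $stateFile
```

Run it from a scheduled task under an account that can read the chosen log (the Security log requires administrative rights). An event stamped exactly at the checkpoint time can appear in two consecutive files, which is the safe direction for a backup.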