Menu
Question: How to write an event log entry with structured XML data using PowerShell?
My PowerShell script writes to the Windows event log using the Write-EventLog cmdlet. Currently I use the -Message parameter to set the event log message:
Write-EventLog -LogName $EventLogName -Source $EventSource -EntryType Error -EventId 1 -Message "MyMessageHere"
If you look at the message using Windows EventViewer you get an XML like this:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
[...]
</System>
<EventData>
<Data>MyMessageHere</Data>
</EventData>
</Event>
I.e. the message is set as event data. Now I want to write structured event data, where the contents of the Data element is XML (see your own Windows\Security log for an example).
I tried using Write-EventLog as follows: -Message "<Data Name=""MyKey1"">MyValue1</Data> but that does not work properly, it looks like the message is added as CDATA to the inside the Data element.
So, how to write an event log entry with structured XML data using PowerShell?
567
To create special log views, Click on the Administrative events. Click on Create Custom View on the right side of the window to open Create Custom View window. Under the Filter, there is Logged drop-down list. You can either choose an appropriate predefined time or use a custom time range for your Custom log views.
An event log is a basic "log book" that is analyzed and monitored for higher level "network intelligence." It can capture many different types of information. For example, it can capture all logon sessions to a network, along with account lockouts, failed password attempts, etc.
This Windows edition came with three Windows logs: Application event log, System event log and Security event log. Modern versions of Windows come with more than a hundred of Windows eventlogs, and third party applications can create and integrate into Windows logging their own event logs.
Here's the real answer on how to do this: https://kevinholman.com/2016/04/02/writing-events-with-parameters-using-powershell/
#Script to create events with parameters #Define the event log and your custom event source $evtlog = "Application" $source = "MyEventSource" #These are just examples to pass as parameters to the event $hostname = "computername.domain.net" $timestamp = (get-date) #Load the event source to the log if not already loaded. This will fail if the event source is already assigned to a different log. if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) { [System.Diagnostics.EventLog]::CreateEventSource($source, $evtlog) } #function to create the events with parameters function CreateParamEvent ($evtID, $param1, $param2, $param3) { $id = New-Object System.Diagnostics.EventInstance($evtID,1); #INFORMATION EVENT #$id = New-Object System.Diagnostics.EventInstance($evtID,1,2); #WARNING EVENT #$id = New-Object System.Diagnostics.EventInstance($evtID,1,1); #ERROR EVENT $evtObject = New-Object System.Diagnostics.EventLog; $evtObject.Log = $evtlog; $evtObject.Source = $source; $evtObject.WriteEvent($id, @($param1,$param2,$param3)) } #Command line to call the function and pass whatever you like CreateParamEvent 1234 "The server $hostname was logged at $timestamp" $hostname $timestamp
111
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
