Corobori asked XiaopoYang-MSFT commented

Extract data from EventLog

Hi,

I have got an evtx file containing some information I want to parse. I have seen people pointing to PowerShell scripts, such as this one.

Before delving deeper into PowerShell I am wondering if I am going the right way.
What I want to extract from my evtx file is the following data: Exception information and the following Request information: Event time, Request URL, Request path and the User host address.




windows-api

1 Answer

Castorix31 answered XiaopoYang-MSFT commented

Use evt APIs (Windows Event Log)
You can find many samples on Google or MSDN forums, like C++ Program for Extracting data from windows logs in different formats(xml,evts,csv,txt)



Thank you for the tip. I should have thought that other ways to read the Event Log were available. I am not a C++ developer, but from what I read, accessing it from .NET code looks doable; I'll have a look that way.


There is a sample in .NET. How to: Query for Events (QueryExternalFile).


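An added example, not part of the thread and not the script the question links to: reading a saved .evtx with `Get-WinEvent` (which returns the same `System.Diagnostics.Eventing.Reader` records the .NET sample works with) and pulling out the fields the question lists. It assumes each record's rendered message carries labelled lines such as `Request URL: ...`; the `Exception type` and `Exception message` labels, the function names, the sample message and the file path are assumptions.

```powershell
# Added example. Assumption: the rendered message of each record contains
# labelled lines such as "Request URL: ...".
function Get-LabelledField {
    param([string]$Text, [string]$Label)
    # (?m): ^ and $ match at line boundaries; the label is escaped so it is literal.
    $pattern = '(?m)^[ \t]*' + [regex]::Escape($Label) + ':[ \t]*(.*?)[ \t\r]*$'
    $m = [regex]::Match($Text, $pattern)
    if ($m.Success -and $m.Groups[1].Value) { $m.Groups[1].Value } else { $null }
}

function ConvertTo-RequestInfo {
    param([string]$Message)
    [pscustomobject]@{
        EventTime        = Get-LabelledField $Message 'Event time'
        ExceptionType    = Get-LabelledField $Message 'Exception type'     # assumed label
        ExceptionMessage = Get-LabelledField $Message 'Exception message'  # assumed label
        RequestUrl       = Get-LabelledField $Message 'Request URL'
        RequestPath      = Get-LabelledField $Message 'Request path'
        UserHostAddress  = Get-LabelledField $Message 'User host address'
    }
}

function Get-EvtxRequestInfo {
    param([Parameter(Mandatory)][string]$Path)   # path to the saved .evtx file
    Get-WinEvent -Path $Path -Oldest | ForEach-Object {
        $rec  = $_
        $info = ConvertTo-RequestInfo $rec.Message
        # Rendered is $false when the message could not be formatted on this
        # machine (provider resources missing); the parsed fields are then empty.
        $info | Add-Member -NotePropertyMembers @{
            RecordId = $rec.RecordId
            Logged   = $rec.TimeCreated
            Rendered = [bool]$rec.Message
        } -PassThru
    }
}

# Constructed sample message (not from a real log) to exercise the parser offline.
$sample = @'
Event time: 1/2/2030 3:04:05 PM
Event time (UTC): 1/2/2030 8:04:05 PM
Exception information:
    Exception type: InvalidOperationException
    Exception message: Constructed sample failure
Request information:
    Request URL: https://app.example.test/orders/view?id=7
    Request path: /orders/view
    User host address: 192.0.2.10
'@
ConvertTo-RequestInfo $sample | Format-List
```

To run it against a file, call `Get-EvtxRequestInfo -Path <your .evtx>` and pipe the result to `Export-Csv`; the URL and host address values originate from client requests, so treat them as untrusted when the CSV is opened elsewhere.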