I have a Custom View in the Event Viewer with a couple of Event id's. I know you can save those event id's in an .evtx file to open it. This proces has to be executed manually. Now is my question, how can I automate this? Through a PowerShell script perhaps or via a task in the Task Scheduler? I would like to execute this every friday of the week. I hope somebody can help me.
Powershell – Save Custom View from Event Viewer in .evtx
eventviewerpowershelltask-schedulerwindows-server-2008
Related Topic
- Windows – I need an XPath query to view all events in the Windows event log (custom view)
- Powershell – Script to export custom view Event Viewer to .evtx Powershell
- How to send email when SPECIFIC scheduled task fails to run or returns with an error code
- How to Consolidate all Event Viewer Logs from different Servers
- Windows – Events not visible in Event Log viewer
- Powershell – Is it possible to view events from all event logs (including “Applications and Services Logs”) simultaneously
Best Answer
You will be best server saving the XML from the custom view filter, and using it to run a powershell script that queries the event viewer using the XML as filter.
There's a technet blogpost explaining how to do just that at: http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/14/use-custom-views-from-windows-event-viewer-in-powershell.aspx