Windows – Export entire Windows Log to XML

Tags: powershell, windows, windows-event-log, windows-server-2008

I want to create a printer statistic and I have a simple but powerful XML parser. So I want to export all events from the printer log to XML format.

The print server runs Win2008R2. When I export the filtered log to XML (I have filtered on event ID 307), I get only 300 events out of almost 6000.

Could you help me? I have also tried PowerShell to export the log, but I am not able to get the XML structure.

Best Answer

The Windows utility wevtutil can do just what you're looking for. I was using it for archiving certain event-log entries into a database. The PowerShell-based methods had several failure modes that made iterating over a large number of events infeasible. This utility dumps the entire thing in one go, which makes offline parsing much, much faster.

wevtutil qe Security /r:DC01 /q:"*[System[((EventID=307))]]" > evtdump.xml

Specifically, the PowerShell methods pull events on a retail basis. As it iterates through the loop, it's asking the target machine "give me the next event", which requires a lot of back-and-forth to the machine. The speed difference between the wevtutil method and the PowerShell method was significant: it took over an hour to extract an event log via PowerShell, but only 2 minutes via wevtutil.

Depends on your use case though. If the logs you're parsing are not busy or not very large, the PowerShell method means you don't have to manage files as part of your script.
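
Added example, not part of the original answer: a Python sketch of the offline parsing step. `wevtutil qe` writes `<Event>` elements back to back with no enclosing root unless `/e:<Element>` is given, so a strict XML parser rejects the raw dump; this wraps it first and then totals pages per user for event ID 307. The sample events are constructed, and the field layout (`Param3` = user, `Param8` = pages) is an assumption about the print log's event 307 payload.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = "xmlns='http://schemas.microsoft.com/win/2004/08/events/event'"

def _event(event_id, user, pages):
    """Build one constructed event in the shape wevtutil emits."""
    return (f"<Event {NS}><System><EventID>{event_id}</EventID></System>"
            f"<UserData><DocumentPrinted><Param3>{user}</Param3>"
            f"<Param8>{pages}</Param8></DocumentPrinted></UserData></Event>")

# Constructed sample dump: four events, no root element, made-up values.
SAMPLE = "".join([_event(307, "alice", 3), _event(307, "bob", 1),
                  _event(1000, "carol", 9), _event(307, "alice", 2)]).encode()

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def events(raw):
    """Return every <Event> element from a wevtutil dump given as bytes."""
    # PowerShell's '>' writes UTF-16 with a BOM; cmd.exe writes single-byte text.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    text = re.sub(r"<\?xml[^>]*\?>", "", text)  # a declaration cannot sit mid-document
    # Wrapping is harmless when the dump already has a root (made with /e:).
    root = ET.fromstring("<Dump>" + text + "</Dump>")
    return [e for e in root.iter() if local(e.tag) == "Event"]

def pages_by_user(raw, event_id="307"):
    """Sum pages per user over events with the given ID (assumed Param layout)."""
    totals = Counter()
    for ev in events(raw):
        f = {local(e.tag): (e.text or "") for e in ev.iter()}
        if f.get("EventID") == event_id:
            totals[f.get("Param3", "?")] += int(f.get("Param8") or 0)
    return dict(totals)

if __name__ == "__main__":
    print(pages_by_user(SAMPLE))
```
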