Windows – Getting Windows EventViewer CSV file from Command-line

csvwindowswmi

EventViewer in Windows has the ability to export a log to a CSV file. I would like to automatically make a backup of that log in that format (as has been done manually in the past few years). It's a standalone system that will typically not have network connectivity, so log centralization tools probably won't work.

I noticed a wmic NTEVENT command, but can't seem to get to export to CSV. Here's an example:
NTEVENT WHERE "LogFile='application' AND TimeGenerated > '20100709173000.000000-300'"

Can I get that to output to a CSV file?

Best Answer

Use psloglist from http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx

It does exacty what you are asking for.

Related Solutions

Windows – How to find what process is holding a file open in Windows

I've had success with Sysinternals Process Explorer. With this, you can search to find what process(es) have a file open, and you can use it to close the handle(s) if you want. Of course, it is safer to close the whole process. Exercise caution and judgement.

To find a specific file, use the menu option Find->Find Handle or DLL... Type in part of the path to the file. The list of processes will appear below.

If you prefer command line, Sysinternals suite includes command line tool Handle, that lists open handles.

Examples

c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "e:\" (finds all files opened from drive e:\"
c:\Program Files\SysinternalsSuite>handle.exe |findstr /i "file-or-path-in-question"

Windows – Useful Command-line Commands on Windows

A little known one is

getmac

It shows the MAC address(es) of your network adapter(s).

Screenshot of running getmac from a Windows commandline window.

Best Answer

Related Solutions

Windows – How to find what process is holding a file open in Windows

Windows – Useful Command-line Commands on Windows

Related Topic