Microsoft Windows Event Log XML Collector

This proof-of-concept grade Collector provides data-capture capabilities for Microsoft Windows Event Log XML data.


If you have a file in the proprietary binary .evt or .evtx format, you can use this PowerShell command to convert it to XML:


Get-WinEvent -path events.evt -Oldest | foreach {$_.ToXml()}
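
The same conversion written to a file, as an added example that is not part of the original Collector package: it writes UTF-8 explicitly and skips any record whose XML is not well-formed. The function name `Convert-EventLogToXml` and its parameters are hypothetical.

```powershell
# Added example; Convert-EventLogToXml and its parameter names are hypothetical.
function Convert-EventLogToXml {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,     # source .evt or .evtx file
        [Parameter(Mandatory)] [string] $OutFile   # destination XML text file
    )

    $source = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    # .NET resolves relative paths against the process directory, not the
    # current PowerShell location, so expand the output path first.
    $target = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutFile)

    # UTF-8 without BOM. Redirecting the one-liner with '>' in Windows
    # PowerShell 5.1 would produce UTF-16 instead.
    $encoding = [System.Text.UTF8Encoding]::new($false)
    $writer   = [System.IO.StreamWriter]::new($target, $false, $encoding)
    $written  = 0
    $skipped  = 0
    try {
        # -Oldest is required when Get-WinEvent reads legacy .evt files.
        Get-WinEvent -Path $source -Oldest -ErrorAction Stop | ForEach-Object {
            $record = $_
            try {
                $xml = $record.ToXml()
                [void][xml]$xml              # throws if the fragment is not well-formed
                $writer.WriteLine($xml)
                $written++
            } catch {
                $skipped++
                Write-Warning "Skipped record $($record.RecordId): $($_.Exception.Message)"
            }
        }
    } finally {
        $writer.Dispose()                    # flush and close even on error
    }

    # Summary object so a calling script can check the result.
    [pscustomobject]@{ Source = $source; Output = $target; Written = $written; Skipped = $skipped }
}

# Usage (file names are placeholders):
# Convert-EventLogToXml -Path .\events.evt -OutFile .\events.xml
```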

 


 



NetIQ does not test or validate any software, code or other materials provided in, on or through NetIQ Cool Solutions (collectively, "Materials"), so please use caution when downloading or accessing any Materials from Cool Solutions and ensure that you have reasonable and current security, spyware and anti-virus measures in place on your computer and/or network prior to downloading. Additionally, do not use any Materials downloaded from Cool Solutions in any production environment without first testing the Materials to ensure they are compatible with your version of NetIQ software or any other hardware or software present in your network or environment. Cool Solutions is not a substitute for authorized NetIQ support and should not be used as such. NETIQ COOL SOLUTIONS AND ANY MATERIALS ARE PROVIDED ON AN AS-IS, AS-AVAILABLE BASIS WITHOUT ANY WARRANTY OF ANY KIND. By downloading this file, you are agreeing to these terms of use. To report a problem please contact: coolguys-netiq@netiq.com. Your use of Cool Solutions is governed by the Cool Solutions Terms and Conditions. https://www.netiq.com/communities/coolsolutions/terms-and-conditions/
Comments
Do you know if this can be used to parse logs from a NetApp?
It worked on my NetApp sample:




560
0
3
0xa0000000000000

3
sampledata\netapp.evt
DATEN_01



Security
File
\vol\daten_01_data\Daten\ITSM_Audit\Test.txt
16
-
2048
NetApp Data ONTAP
a123456
EXAMPLE
(0x0, 0x19759e)
10.1.2.3
-
-
%%4423
%%1538

-
0
0x20080

Version history
Revision #: 1 of 1
Last update: 2012-08-20 18:22