Question: How to write an event log entry with structured XML data using PowerShell?
My PowerShell script writes to the Windows event log using the Write-EventLog cmdlet. Currently I use the -Message parameter to set the event log message:
Write-EventLog -LogName $EventLogName -Source $EventSource -EntryType Error -EventId 1 -Message "MyMessageHere"
If you look at the message using Windows EventViewer you get an XML like this:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
[...]
</System>
<EventData>
<Data>MyMessageHere</Data>
</EventData>
</Event>
I.e. the message is set as event data. Now I want to write structured event data, where the contents of the Data element is XML (see your own Windows\Security log for an example).
I tried using Write-EventLog as follows: -Message "<Data Name=""MyKey1"">MyValue1</Data> but that does not work properly, it looks like the message is added as CDATA to the inside the Data element.
So, how to write an event log entry with structured XML data using PowerShell?
To find this on Google here was my query: " powershell +"write-eventlog" +"xml" -"reading" -"read" -"get-eventlog" -"audit" "
Here's the real answer on how to do this:
https://blogs.technet.microsoft.com/kevinholman/2016/04/02/writing-events-with-parameters-using-powershell/
#Script to create events with parameters
#Define the event log and your custom event source
$evtlog = "Application"
$source = "MyEventSource"
#These are just examples to pass as parameters to the event
$hostname = "computername.domain.net"
$timestamp = (get-date)
#Load the event source to the log if not already loaded. This will fail if the event source is already assigned to a different log.
if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
[System.Diagnostics.EventLog]::CreateEventSource($source, $evtlog)
}
#function to create the events with parameters
function CreateParamEvent ($evtID, $param1, $param2, $param3)
{
$id = New-Object System.Diagnostics.EventInstance($evtID,1); #INFORMATION EVENT
#$id = New-Object System.Diagnostics.EventInstance($evtID,1,2); #WARNING EVENT
#$id = New-Object System.Diagnostics.EventInstance($evtID,1,1); #ERROR EVENT
$evtObject = New-Object System.Diagnostics.EventLog;
$evtObject.Log = $evtlog;
$evtObject.Source = $source;
$evtObject.WriteEvent($id, @($param1,$param2,$param3))
}
#Command line to call the function and pass whatever you like
CreateParamEvent 1234 "The server $hostname was logged at $timestamp" $hostname $timestamp
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 叼着烟拽天下 的文章《How to write an event log entry with structured XM》','https://www.manongdao.com/article-677728.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}