Event Viewer in Windows has the ability to export a log to a CSV file. I would like to automatically make a backup of that log in that format (as has been done manually in the past few years). It's a standalone system that will typically not have network connectivity, so log centralization tools probably won't work.
I noticed a wmic NTEVENT command, but can't seem to get it to export to CSV. Here's an example:
NTEVENT WHERE "LogFile='application' AND TimeGenerated > '20100709173000.000000-300'"
Can I get that to output to a CSV file?
Use psloglist from http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
It does exactly what you are asking for.
NTEVENT WHERE "LogFile='application' AND TimeGenerated > '20100709173000.000000-300'" get message,sourcename /format:csv
Notice the /format:csv part.
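The same time-filtered export as a script that can be run unattended, as an added example that is not part of the question or of any answer here. It queries Win32_NTLogEvent (the WMI class behind the wmic NTEVENT alias) through Get-CimInstance; the C:\LogBackup directory, the 24-hour window, the selected columns and the manifest.txt hash file are assumptions.

```powershell
# Added example: CSV backup of recent events from one log, with a hash manifest.
# BackupDir, HoursBack and manifest.txt are assumptions, not values from the page.
param(
    [string]$LogName   = 'Application',
    [string]$BackupDir = 'C:\LogBackup',
    [int]$HoursBack    = 24
)
$ErrorActionPreference = 'Stop'

# Build a WMI (DMTF) timestamp such as 20100709173000.000000-300:
# local time, microseconds, then the UTC offset in minutes.
function ConvertTo-DmtfTime([datetime]$When) {
    $offset = [int][TimeZoneInfo]::Local.GetUtcOffset($When).TotalMinutes
    $stamp  = $When.ToString('yyyyMMddHHmmss.ffffff',
                             [Globalization.CultureInfo]::InvariantCulture)
    $stamp + ('{0:+000;-000}' -f $offset)
}

$since  = (Get-Date).AddHours(-$HoursBack)
$cutoff = ConvertTo-DmtfTime $since
$filter = "Logfile='$LogName' AND TimeGenerated > '$cutoff'"

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$outFile = Join-Path $BackupDir ('{0}_{1:yyyyMMdd_HHmmss}.csv' -f $LogName, (Get-Date))

# Same WHERE clause as the wmic example, evaluated by WMI.
$events = @(Get-CimInstance -ClassName Win32_NTLogEvent -Filter $filter)
if ($events.Count -eq 0) {
    Write-Output "No $LogName events since $since; nothing exported."
    return
}

$events |
    Select-Object TimeGenerated, Logfile, SourceName, EventCode, Type, User, Message |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# Record a SHA-256 per export so later truncation or edits are detectable.
$hash = Get-FileHash -Path $outFile -Algorithm SHA256
'{0}  {1}  {2} events' -f $hash.Hash, (Split-Path $outFile -Leaf), $events.Count |
    Add-Content -Path (Join-Path $BackupDir 'manifest.txt')
```

Run it from Task Scheduler at an interval no longer than HoursBack so consecutive exports leave no gap; reading the Security log this way requires an elevated account.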
Microsoft Log Parser does this and so much more. Multiple input sources, multiple output destinations, all using SQL-like queries. http://www.microsoft.com/downloads/details.aspx?familyid=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
Input Formats
IIS Log File Input Formats
IISW3C: parses IIS log files in the W3C Extended Log File Format.
IIS: parses IIS log files in the Microsoft IIS Log File Format.
BIN: parses IIS log files in the Centralized Binary Log File Format.
IISODBC: returns database records from the tables logged to by IIS when configured to log in the ODBC Log Format.
HTTPERR: parses HTTP error log files generated by Http.sys.
URLSCAN: parses log files generated by the URLScan IIS filter.
Generic Text File Input Formats
CSV: parses comma-separated values text files.
TSV: parses tab-separated and space-separated values text files.
XML: parses XML text files.
W3C: parses text files in the W3C Extended Log File Format.
NCSA: parses web server log files in the NCSA Common, Combined, and Extended Log File Formats.
TEXTLINE: returns lines from generic text files.
TEXTWORD: returns words from generic text files.
System Information Input Formats
EVT: returns events from the Windows Event Log and from Event Log backup files (.evt files).
FS: returns information on files and directories.
REG: returns information on registry values.
ADS: returns information on Active Directory objects.
Special-purpose Input Formats
NETMON: parses network capture files created by NetMon.
ETW: parses Enterprise Tracing for Windows trace log files and live sessions.
COM: provides an interface to Custom Input Format COM Plugins.
Output Formats
Generic Text File Output Formats
NAT: formats output records as readable tabulated columns.
CSV: formats output records as comma-separated values text.
TSV: formats output records as tab-separated or space-separated values text.
XML: formats output records as XML documents.
W3C: formats output records in the W3C Extended Log File Format.
TPL: formats output records following user-defined templates.
IIS: formats output records in the Microsoft IIS Log File Format.
Special-purpose Output Formats
SQL: uploads output records to a table in a SQL database.
SYSLOG: sends output records to a Syslog server.
DATAGRID: displays output records in a graphical user interface.
CHART: creates image files containing charts.