Convert an .evtx file to text

Revision as of 10:57, 21 February 2020 by George2 (Talk | contribs)


Sourced from https://serverfault.com/questions/783708/convert-saved-evtx-files-to-text

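# Convert every .evtx file in the current directory into a single text file,
# all.csv, holding one line per event built from "Name:Value," pairs.
#
# Notes for anyone relying on the output during log review:
#   * Values are written unescaped. Event data is partly controlled by whoever
#     generated the event (user names, command lines, paths), so a value that
#     contains "," or ":" can read like extra fields. Treat all.csv as a
#     convenience view and keep the original .evtx files as the record.
#   * Only <EventData><Data> entries are exported; an event that carries its
#     payload elsewhere (e.g. <UserData>) is written with its System fields only.
#   * Get-WinEvent returns events newest-first unless -Oldest is given.

$evtx_files = Get-Item -Path *.evtx

# .NET resolves a relative file name against the process working directory,
# which can differ from PowerShell's current location. Build an absolute path
# so all.csv lands next to the .evtx files being converted.
$output_path = Join-Path -Path (Get-Location).ProviderPath -ChildPath 'all.csv'
$output_file = New-Object -TypeName System.IO.StreamWriter -ArgumentList $output_path

try {
    foreach ($file in $evtx_files) {
        # Stream events through the pipeline instead of collecting a whole log
        # in memory first; saved logs can hold a very large number of records.
        Get-WinEvent -Path $file.FullName | ForEach-Object {
            $xml = [xml]($_.ToXml())

            # System section: provider, event ID, timestamps, computer, ...
            foreach ($s in $xml.Event.System.ChildNodes) {
                $output_file.Write($s.Name + ":" + $s.InnerText + ",")
            }

            # EventData section: the event-specific named values.
            foreach ($d in $xml.Event.EventData.Data) {
                $text = $d.InnerText
                # Strip CR as well as LF so a multi-line value cannot break the
                # one-event-per-line layout or pass for a separate record.
                $text = if ($text) { $text -replace '[\r\n]', '' } else { $text }
                $output_file.Write($d.Name + ":" + $text + ",")
            }

            $output_file.WriteLine()
        }
    }
}
finally {
    # Always flush and release the file handle, even if a conversion step throws.
    $output_file.Flush()
    $output_file.Close()
}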