Parsing EventLog Message


This topic contains 2 replies, has 2 voices, and was last updated 3 years, 7 months ago.

  • #25096

    Hello community,
    I'm searching for a good way to parse the message string from security event log entries.
    I found many on the web, but all of them are implemented by parsing XML with value positioning.
    For example, they parse only 4625 event ID entries, which have the same properties in the same position in every event.
    But what if I want to see on every line if there's a string like Account Name, for example?
    I want to find a way to look at every line and, if there's a string Account Name, give me back the line.

    I found that Select-String does something like this (like grep on Linux), but I didn't find a way to do Select-String on a string.
    Is there any good way?
    Thank you all, experts!! 🙂

  • #25110

    Using the -Split parameter and regex on a string, you can convert your multi-line event log messages to arrays. Then use Select-String to pull out items containing 'Account Name'.

    $event.message -Split '\r\n' | Select-String 'Account Name'
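
The split-and-match approach from the reply above, extended into a reusable function. This is an added example, not code from the thread: the function name Get-EventMessageField and the sample event are constructed for illustration. It goes beyond the one-liner by recording which section header (such as "Subject:") each match sits under, since one message can hold several Account Name lines.

```powershell
# Added example. Get-EventMessageField is a hypothetical name; the event below is constructed.
function Get-EventMessageField {
    [CmdletBinding()]
    param(
        # Any object with Id, TimeCreated and Message properties (e.g. Get-WinEvent output)
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$InputObject,
        [string]$Label = 'Account Name'
    )
    begin {
        # Escape the label so characters such as '(' are matched literally
        $pattern = '^\s*' + [regex]::Escape($Label) + ':\s*(?<value>.*)$'
    }
    process {
        $section = $null
        # \r?\n also copes with messages that only contain LF line endings
        foreach ($line in ($InputObject.Message -split '\r?\n')) {
            # An unindented line ending in ':' is a section header
            if ($line -match '^(?<name>\S.*):\s*$') { $section = $Matches['name']; continue }
            if ($line -match $pattern) {
                [pscustomobject]@{
                    EventId     = $InputObject.Id
                    TimeCreated = $InputObject.TimeCreated
                    Section     = $section
                    Label       = $Label
                    Value       = $Matches['value'].Trim()
                }
            }
        }
    }
}

# Constructed sample shaped like a 4625 message, so the example runs without log access
$sample = [pscustomobject]@{
    Id          = 4625
    TimeCreated = [datetime]'2024-01-15T09:30:00'
    Message     = @(
        'An account failed to log on.', '',
        'Subject:', "`tSecurity ID:`t`tS-1-5-18", "`tAccount Name:`t`t-", '',
        'Account For Which Logon Failed:', "`tSecurity ID:`t`tS-1-0-0", "`tAccount Name:`t`tjdoe"
    ) -join "`r`n"
}

$sample | Get-EventMessageField | Format-Table EventId, Section, Value

# Against the live log (requires an elevated session):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security' } -MaxEvents 200 | Get-EventMessageField
```
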
  • #25118

    Thank you very very much! It works!!!
