Strange results when exporting events to xml

Welcome Forums General PowerShell Q&A Strange results when exporting events to xml

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
9 months, 1 week ago.

  • Author
    Posts
  • #101827

    Participant
    Points: 1
    Rank: Member

    So I run this on my domain controller, looking for events where users where disabled, searching archived event logs.

    Get-WinEvent -FilterHashtable @{Path="C:\windows\system32\winevt\Logs\*Security*";id= @($EventLogonIDs);StartTime="
    5/31/2018";EndTime="6/01/2018"} | Export-Clixml c:\Users\bv1462_admin\Desktop\result4725.xml

    When I get the results, the message text is similar to this:

    A user account was disabled._x000D__x000A__x000D__x000A_Subject:_x000D__x000A__x0009_Security ID:_x0009__x0009_S-1-5-21-2112958924-2060150323-4283506686-11897_x000D__x000A__x0009_Account Name:_x0009__x0009_admin_x000D__x000A__x0009_Account Domain:_x0009__x0009_BV_x000D__x000A__x0009_Logon ID:_x0009__x0009_0x21ec96cb_x000D__x000A__x000D__x000A_Target Account:_x000D__x000A__x0009_Security ID:_x0009__x0009_S-1-5-21-2112958924-2060150323-4283506686-1958_x000D__x000A__x0009_Account Name:_x0009__x0009_at008_x000D__x000A__x0009_Account Domain:_x0009__x0009_

    Any thoughts on why and how I can make it readable? I tried to just export as CSV, but then I do not get the entire message body. no matter what I try

    Thanks

  • #101879

    Participant
    Points: 280
    Helping Hand
    Rank: Contributor

    When I export to csv I can get the entire message property, I just had to expand the cell. If you want to make a "readable" report I would stick with out-file or export-csv. The Export-CLIxml is a way of converting an object to XML and storing it in a file so that PS can rebuild the objects from the file in a different session. It's not necessarily meant to be "readable". When I import the .xml file PS recreates the object perfectly. I read something regarding export-CLIxml defaulting to UTF-16, however forcing the encoding to UTF-8 didn't yield any different result for me. Maybe someone else who is more knowledgeable about XML can chime in and offer a better explanation.

    Get-WinEvent -FilterHashtable @{Path="C:\windows\system32\winevt\Logs\*Security*";ID='4670';StartTime="5/31/2018";EndTime="6/01/2018"} | select -First 1 | Export-Csv -Path C:\Users\user\Desktop\result4725.csv -NoTypeInformation -Force
    
    • #102134

      Participant
      Points: 1
      Rank: Member

      Thank you for the response. I do not know why xml was so weird, but the csv was able to get me what I needed. I was expanding out so I did not see it, but when I expanded the cell down, it was there

The topic ‘Strange results when exporting events to xml’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort