How to write an event log entry with structured XML data?


Problem description

Question: How to write an event log entry with structured XML data using PowerShell?

My PowerShell script writes to the Windows event log using the Write-EventLog cmdlet. Currently I use the -Message parameter to set the event log message:

Write-EventLog -LogName $EventLogName -Source $EventSource -EntryType Error -EventId 1 -Message "MyMessageHere"

If you look at the message using Windows EventViewer you get an XML like this:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    [...]
  </System>
  <EventData>
    <Data>MyMessageHere</Data> 
  </EventData>
</Event>

I.e. the message is set as event data. Now I want to write structured event data, where the contents of the Data element is XML (see your own Windows\Security log for an example).

I tried using Write-EventLog as follows: -Message "<Data Name=""MyKey1"">MyValue1</Data>", but that does not work properly; it looks like the message is added as CDATA inside the Data element.

So, how to write an event log entry with structured XML data using PowerShell?

Recommended answer

Here's the real answer on how to do this: https://kevinholman.com/2016/04/02/writing-events-with-parameters-using-powershell/

#Script to create events with parameters

#Define the event log and your custom event source
$evtlog = "Application"
$source = "MyEventSource"

#These are just examples to pass as parameters to the event
$hostname = "computername.domain.net"
$timestamp = (get-date)

#Load the event source to the log if not already loaded.  This will fail if the event source is already assigned to a different log.
if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
    [System.Diagnostics.EventLog]::CreateEventSource($source, $evtlog)
}

#function to create the events with parameters
function CreateParamEvent ($evtID, $param1, $param2, $param3)
  {
    $id = New-Object System.Diagnostics.EventInstance($evtID,1); #INFORMATION EVENT
    #$id = New-Object System.Diagnostics.EventInstance($evtID,1,2); #WARNING EVENT
    #$id = New-Object System.Diagnostics.EventInstance($evtID,1,1); #ERROR EVENT
    $evtObject = New-Object System.Diagnostics.EventLog;
    $evtObject.Log = $evtlog;
    $evtObject.Source = $source;
    $evtObject.WriteEvent($id, @($param1,$param2,$param3))
  }


#Command line to call the function and pass whatever you like
CreateParamEvent 1234 "The server $hostname was logged at $timestamp" $hostname $timestamp
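
To confirm what the WriteEvent approach above actually stores, the following added example (not part of the original answer or the linked article) writes a parameterized event and reads it back as XML. It assumes an elevated session; the function names and the three sample values are constructed for illustration.

```powershell
# Added example. Run elevated; values marked "constructed" are sample data.
$evtlog = 'Application'
$source = 'MyEventSource'            # source name from the answer's script

function Write-ParamEvent ([string]$Log, [string]$Src, [int]$Id, [object[]]$Values) {
    # Creating a source needs administrative rights and fails if the name
    # is already bound to a different log.
    if (-not [System.Diagnostics.EventLog]::SourceExists($Src)) {
        [System.Diagnostics.EventLog]::CreateEventSource($Src, $Log)
    }
    $instance = New-Object System.Diagnostics.EventInstance($Id, 1)   # information event
    $writer = New-Object System.Diagnostics.EventLog
    $writer.Log = $Log
    $writer.Source = $Src
    $writer.WriteEvent($instance, $Values)
}

function Get-EventDataValues ([string]$Log, [string]$Src, [int]$Id) {
    # Newest matching record, rendered the way Event Viewer's XML view shows it.
    $record = Get-WinEvent -FilterHashtable @{ LogName = $Log; ProviderName = $Src; Id = $Id } -MaxEvents 1
    $xml = [xml]$record.ToXml()
    $index = 0
    foreach ($node in $xml.Event.EventData.ChildNodes) {
        [pscustomobject]@{
            Index  = $index
            Value  = $node.InnerText      # decoded text of the <Data> element
            RawXml = $node.OuterXml       # shows how any markup was escaped
        }
        $index++
    }
}

# Constructed values; the third deliberately contains markup.
$values = @(
    'computername.domain.net',
    (Get-Date).ToString('o'),
    '<Data Name="MyKey1">MyValue1</Data>'
)
Write-ParamEvent $evtlog $source 1234 $values
Get-EventDataValues $evtlog $source 1234 | Format-List
```

Each value comes back as its own unnamed Data element, so a collector or detection rule has to address fields by position. The third value is stored as escaped text, which means markup inside a parameter cannot alter the structure of the event.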
