How to log Custom Views in Event Viewer (Windows Server 2012 )

You need to use PowerShell as described in the Microsoft blog
Use Custom Views from Windows Event Viewer in PowerShell:

• In Event Viewer, select the custom view by clicking it
• Clicking Filter Custom View from the Action menu or from the right-hamd pane
• Click the XML tab
• Click Ctrl+A to select everything
• Click Ctrl+C to copy it to the clipboard
• Open Notepad and paste the text
• Save as an .xml file, say in the file C:\Temp\ev.xml

• Run PowerShell as Administrator to read the events using the command:

  Get-WinEvent -FilterXml ([xml](Get-Content "C:\Temp\ev.xml"))
  

See also the Microsoft documentation for Get-WinEvent.

enter image description here

• Thank you! This works to output the log event to the screen. I figured out how to pipe the output to 'Out-File -FilePath' to save it in a file. I'm trying to set up a scheduled task that will run this command periodically and save the output in files. Is there a way to automatically increment the file name that the output gets saved to? Or even better, to append the current date to the file name?

  yvoloshin

  – yvoloshin

  2020年03月10日 16:01:26 +00:00

  Commented Mar 10, 2020 at 16:01
• 1
  Lots of PowerShell examples to be found. For example, google for "powershell append date file name" gives answer1 and answer2.

  harrymc

  – harrymc

  2020年03月10日 17:08:20 +00:00

  Commented Mar 10, 2020 at 17:08
• Thank you! That was very helpful.

  yvoloshin

  – yvoloshin

  2020年03月10日 17:24:52 +00:00

  Commented Mar 10, 2020 at 17:24

• logging
• windows-server-2012
• event-viewer
• events