4.16.11 Get event list from Event log
Function
This plug-in outputs the list of the specified event log events to a file in CSV format on the Windows execution target server.
The encoding format of the output file is the default encoding used by the system of the execution target server.
This plug-in requires the following server:
- An execution target server
This plug-in will be executed on this server.
The script in this plug-in executes the following processing:
- The following cmdlet is executed:
Get-EventLog
  -LogName event-log-name (value for the Windows.eventLogName property)
  -After start-date-and-time-the-event-is-collected (value for the Windows.eventStartDateTime property)
For details about the Get-EventLog cmdlet, see the description in the Microsoft library.
The items below are output to a CSV file.
Items output are separated by a comma (,).
(a) Event ID (header name: EventID)
(b) Machine name (header name: MachineName)
(c) Index (header name: Index)
(d) Category (header name: Category)
(e) Category number (header name: CategoryNumber)
(f) Event type (header name: EntryType)
(g) Message (header name: Message)
(h) Source (header name: Source)
(i) Time the event was generated (header name: TimeGenerated)
(j) Time the event was output (header name: TimeWritten)
(k) User name (header name: UserName)
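
The processing described above can be approximated by hand as follows. This is an added example, not the plug-in's own script. It assumes Windows PowerShell 3.0 to 5.1, and the function name Export-EventLogList, its parameter names, and the sample path are hypothetical.

```powershell
# Added example (not the plug-in's script). Requires Windows PowerShell 3.0-5.1.
function Export-EventLogList {
    [CmdletBinding()]
    param(
        # Corresponds to Windows.eventLogName. Quotation marks are rejected,
        # mirroring the plug-in's caution about " and ' in property values.
        [Parameter(Mandatory)]
        [ValidateScript({ $_ -notmatch '["'']' })]
        [string]$LogName,

        # Corresponds to common.outputFilePath; must be a full path.
        [Parameter(Mandatory)]
        [ValidateScript({ $_ -notmatch '["'']' -and [System.IO.Path]::IsPathRooted($_) })]
        [string]$OutputFilePath,

        # Corresponds to Windows.eventStartDateTime (optional).
        [Nullable[datetime]]$After
    )

    # ErrorAction Stop makes a missing log or an access-denied error abort the
    # function instead of silently producing a misleading empty file.
    $query = @{ LogName = $LogName; ErrorAction = 'Stop' }
    if ($null -ne $After) { $query['After'] = $After }

    # Column order follows items (a) through (k) listed on this page.
    $columns = 'EventID', 'MachineName', 'Index', 'Category', 'CategoryNumber',
               'EntryType', 'Message', 'Source', 'TimeGenerated', 'TimeWritten',
               'UserName'

    $events = @(Get-EventLog @query | Select-Object -Property $columns)

    # -Encoding Default writes in the system's ANSI code page (the Export-Csv
    # default in Windows PowerShell is ASCII). Export-Csv quotes every field,
    # so commas and line breaks inside Message stay within one column.
    $events | Export-Csv -LiteralPath $OutputFilePath -NoTypeInformation -Encoding Default

    return $events.Count
}

# Constructed sample call: System log, events from the last 24 hours.
# Export-EventLogList -LogName 'System' -OutputFilePath 'C:\Temp\system-events.csv' -After (Get-Date).AddDays(-1)
```

Because the file is written in the server's default code page, a tool that reads it on another host needs to be told that encoding explicitly.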
Use situation
Used to obtain the list of Windows event log events.
Prerequisites
For the latest support information about [Prerequisite product in the system]/[Prerequisite OS running on the execution target server], see the release notes.
[Prerequisite product in the system]
JP1/Automatic Operation 11-00 or later
[Prerequisite OS running on the execution target server]
(1) Windows Server 2008 R2 Standard/Enterprise/Datacenter
(2) Windows Server 2012 Standard/Datacenter, Windows Server 2012 R2 Standard/Datacenter
(3) Windows Server 2016 Standard/Datacenter
(4) Windows Server 2019 Standard/Datacenter
Cautions
(1) For a plug-in property, do not specify a character string that contains a double quotation mark (") or single quotation mark (').
Execution privilege
(1) The user who connects to the execution server must have the necessary permissions to view event log events.
Version
02.01.00
Plug-in tags
Gather OS information,Windows
Plug-in name displayed in the task log
osEventLogGetEvent
Return code
0: Normal
21: Error (invalid environment): No command was found. (An error was detected in the plug-in script.)
27: Error (Check the error details from a task log.)
41: Error (error detected in plug-in): Missing property (error detected in plug-in script)
Property list
The following table lists the properties:
Property key | Property name | Description | Default value | I/O type | Required |
---|---|---|---|---|---|
plugin.destinationHost | Host name of the execution target server | Specify the host name or IP address of the server on which this plugin will be executed. IPv6 addresses are not supported. | -- | Input | R |
Windows.eventLogName | Event log name | Specify the name of an event log. | -- | Input | R |
common.outputFilePath | Output file path | Specify the full path of the output file. | -- | Input | R |
Windows.eventStartDateTime | Event acquisition start date and time | Obtain events that have occurred after the specified date and time. | -- | Input | O |
common.returnValue | Return value for the plugin | The return value of this plugin is stored. | -- | Output | O |