Extracting Event ID 4625 (failed logon) with Log Parser 2.2

Assuming the current Security log and the archived Security logs (.evtx files) have been saved to C:\temp, the batch file below runs one Log Parser query per file and appends the failed-logon events from all of them into a single CSV:

@echo off
REM Log Parser 2.2 reads .evtx files through the EVT input format (-i:evt).
REM The EXTRACT_TOKEN indices are the 0-based positions of the fields in the
REM 4625 EventData (the Strings column, '|'-separated):
REM   5 TargetUserName, 6 TargetDomainName, 7 Status, 9 SubStatus, 10 LogonType,
REM   12 AuthenticationPackageName, 13 WorkstationName, 19 IpAddress, 20 IpPort
REM -filemode:0 appends to out.csv so that every file's results land in one CSV;
REM remove a stale out.csv first, or old results from a previous run are appended too.
IF EXIST c:\temp\out.csv DEL c:\temp\out.csv

FOR %%f IN (c:\temp\*.evtx) DO logparser.exe "SELECT timegenerated, EVENTID, EXTRACT_TOKEN(Strings,5,'|') AS UserName, EXTRACT_TOKEN(Strings,6,'|') AS DomainName, EXTRACT_TOKEN(Strings,13,'|') AS Workstation, EXTRACT_TOKEN(Strings,7,'|') AS Status, EXTRACT_TOKEN(Strings,9,'|') AS SubStatus, EXTRACT_TOKEN(Strings,10,'|') AS LogonTYPE, EXTRACT_TOKEN(Strings,12,'|') AS AuthenticationPackageName, EXTRACT_TOKEN(Strings,19,'|') AS IpAddress, EXTRACT_TOKEN(Strings,20,'|') AS IpPort INTO c:\temp\out.csv FROM %%f WHERE EventID=4625 ORDER BY timegenerated ASC" -o:csv -i:evt -filemode:0
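The CSV the batch file produces is only the raw list of failures; the next step a practitioner wants is to read it back and find the sources worth looking at. The following Python script is an added example, not part of the original post: it parses a CSV with the same column names as the query above (the sample rows embedded in it are constructed for this example, not real log data), decodes the SubStatus NTSTATUS codes that Windows records for 4625, and flags two patterns: one source address trying many different accounts (password spray) and one address hammering one account (brute force). The thresholds min_users and min_attempts are assumptions to tune for your environment.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of the out.csv written by the Log Parser query above.
# Column names are the AS aliases from that query; all rows, hosts, users
# and addresses are invented for this example.
SAMPLE_CSV = """\
timegenerated,EVENTID,UserName,DomainName,Workstation,Status,SubStatus,LogonTYPE,AuthenticationPackageName,IpAddress,IpPort
2024-01-15 09:00:01,4625,alice,CORP,WS01,0xc000006d,0xc000006a,3,NTLM,10.0.0.9,49233
2024-01-15 09:02:10,4625,alice,CORP,-,0xc000006d,0xc000006a,3,NTLM,10.0.0.5,50101
2024-01-15 09:02:11,4625,bob,CORP,-,0xc000006d,0xc0000064,3,NTLM,10.0.0.5,50102
2024-01-15 09:02:12,4625,carol,CORP,-,0xc000006d,0xc0000064,3,NTLM,10.0.0.5,50103
2024-01-15 09:02:13,4625,dave,CORP,-,0xc000006d,0xc0000064,3,NTLM,10.0.0.5,50104
2024-01-15 09:05:00,4625,administrator,CORP,-,0xc000006d,0xc000006a,3,NTLM,203.0.113.7,61001
2024-01-15 09:05:01,4625,administrator,CORP,-,0xc000006d,0xc000006a,3,NTLM,203.0.113.7,61002
2024-01-15 09:05:02,4625,administrator,CORP,-,0xc000006d,0xc000006a,3,NTLM,203.0.113.7,61003
2024-01-15 09:05:03,4625,administrator,CORP,-,0xc000006d,0xc000006a,3,NTLM,203.0.113.7,61004
2024-01-15 09:05:04,4625,administrator,CORP,-,0xc000006d,0xc000006a,3,NTLM,203.0.113.7,61005
2024-01-15 09:05:05,4625,administrator,CORP,-,0xc000006d,0xc000006a,3,NTLM,203.0.113.7,61006
2024-01-15 09:30:00,4625,svc_backup,CORP,WS01,0xc000006e,0xc0000072,2,Negotiate,-,-
"""

# SubStatus values Windows writes into 4625 (the specific failure reason;
# Status is the coarser code, e.g. 0xC000006D "bad user name or password").
SUBSTATUS_REASON = {
    "0xc0000064": "user name does not exist",
    "0xc000006a": "wrong password",
    "0xc000006f": "logon outside allowed hours",
    "0xc0000070": "workstation restriction",
    "0xc0000071": "password expired",
    "0xc0000072": "account disabled",
    "0xc000015b": "logon type not granted",
    "0xc0000193": "account expired",
    "0xc0000224": "password must change at next logon",
    "0xc0000234": "account locked out",
}


def decode_substatus(code):
    """Map a SubStatus hex string (any case) to a human-readable reason."""
    return SUBSTATUS_REASON.get(code.strip().lower(), "unknown (%s)" % code)


def load_rows(csv_text):
    """Parse the Log Parser CSV output into a list of dicts keyed by column."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def reason_counts(rows):
    """How many failures of each kind: quick sanity check before hunting."""
    return Counter(decode_substatus(r["SubStatus"]) for r in rows)


def find_password_spray(rows, min_users=3):
    """Source IPs that failed against at least min_users distinct accounts."""
    users = defaultdict(set)
    for r in rows:
        ip = r["IpAddress"]
        if ip == "-":
            continue  # console/local failure: no network source to attribute
        users[ip].add(r["UserName"].lower())
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_users}


def find_brute_force(rows, min_attempts=5):
    """(IP, account) pairs with at least min_attempts failures."""
    attempts = Counter(
        (r["IpAddress"], r["UserName"].lower()) for r in rows if r["IpAddress"] != "-"
    )
    return {key: n for key, n in attempts.items() if n >= min_attempts}


def summarize(csv_text):
    """Full report for one CSV; tuple keys are flattened for printing."""
    rows = load_rows(csv_text)
    return {
        "total": len(rows),
        "reasons": dict(reason_counts(rows)),
        "spray": find_password_spray(rows),
        "brute_force": {"%s -> %s" % key: n for key, n in find_brute_force(rows).items()},
    }


if __name__ == "__main__":
    import json
    # Real use: summarize(open(r"c:\temp\out.csv", encoding="utf-8").read())
    print(json.dumps(summarize(SAMPLE_CSV), indent=2))
```

On the constructed sample this reports 10.0.0.5 as a spray source (four accounts, three of which do not exist, which is typical of a list-based spray) and 203.0.113.7 as brute-forcing administrator; the local svc_backup failure is counted in the reasons but excluded from source attribution because its IpAddress is "-".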