Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Dumpel
- Thread starter Nozy
- Start date
Dumpel.exe can do the job, just change the l- parameter:
dumpel -s MyServer -l event log -f filename_out.txt
where s specifies the name of the machine whose event logs you want to dump (in the example, MyServer), l specifies which log to dump (e.g., security, application, system), e is a filtering switch that specifies the event ID to be filtered out, and f specifies the name of the file to which dumpel .exe will write the dump results.
Example:
dumpel -s MyServer -l security -f Security_out.txt
dumpel -s MyServer -l application -f Application_out.txt
dumpel -s MyServer -l event log -f filename_out.txt
where s specifies the name of the machine whose event logs you want to dump (in the example, MyServer), l specifies which log to dump (e.g., security, application, system), e is a filtering switch that specifies the event ID to be filtered out, and f specifies the name of the file to which dumpel .exe will write the dump results.
Example:
dumpel -s MyServer -l security -f Security_out.txt
dumpel -s MyServer -l application -f Application_out.txt
- Thread starter
- #3
<ip> is not a valid event log name. "l specifies which log to dump (e.g., security, application, system)"
From Technet:
Dump Event Log Tool (Dumpel.exe)
Dump Event Log is a command-line tool, included in the Windows 2000 Server Resource Kit, Supplement One (Microsoft Press, ISBN: 0-7356-1279-X). It will dump an event log for a local or remote system into a tab separated text file. This file could then be imported into a spreadsheet or database for further investigation. The tool can also be used to filter for or filter out certain event types.
The following syntax is used by the dumpel.exe tool:
dumpel -f file [-s \\server] [-l log [-m source]] [-e n1 n2 n3...] [-r] [-t] [-d x]
Where:
• -f file. Specifies the file name for the output file. There is no default for -f, so you must specify the file.
• -s server. Specifies the server for which you want to dump the event log. Leading backslashes on the server name are optional.
• -l log. Specifies which log (system, application, security) to dump. If an invalid log name is specified, the application log is dumped.
• -m source. Specifies in which source (such as redirector (rdr), serial, and so on) to dump records. Only one source can be supplied. If this switch is not used, all events are dumped. If a source is used that is not registered in the registry, the application log is searched for records of this type.
• -e n1 n2 n3. Filters for event ID nn (up to 10 can be specified). If the -r switch is not used, only records of these types are dumped; if -r is used, all records except records of these types are dumped. If this switch is not used, all events from the specified sourcename are selected. You cannot use this switch without the -m switch.
• -r. Specifies whether to filter for specific sources or records, or to filter them out.
• -t. Specifies that individual strings are separated by tabs. If -t is not used, strings are separated by spaces.
• -d x. Dumps events for the past x days.
Note: Dumpel can only retrieve content from the system, application, and security log files. You cannot use Dumpel to query content from the File Replication Service, Domain Name System (DNS), or Directory Service event logs.
For other event logging utilities, see:
From Technet:
Dump Event Log Tool (Dumpel.exe)
Dump Event Log is a command-line tool, included in the Windows 2000 Server Resource Kit, Supplement One (Microsoft Press, ISBN: 0-7356-1279-X). It will dump an event log for a local or remote system into a tab separated text file. This file could then be imported into a spreadsheet or database for further investigation. The tool can also be used to filter for or filter out certain event types.
The following syntax is used by the dumpel.exe tool:
dumpel -f file [-s \\server] [-l log [-m source]] [-e n1 n2 n3...] [-r] [-t] [-d x]
Where:
• -f file. Specifies the file name for the output file. There is no default for -f, so you must specify the file.
• -s server. Specifies the server for which you want to dump the event log. Leading backslashes on the server name are optional.
• -l log. Specifies which log (system, application, security) to dump. If an invalid log name is specified, the application log is dumped.
• -m source. Specifies in which source (such as redirector (rdr), serial, and so on) to dump records. Only one source can be supplied. If this switch is not used, all events are dumped. If a source is used that is not registered in the registry, the application log is searched for records of this type.
• -e n1 n2 n3. Filters for event ID nn (up to 10 can be specified). If the -r switch is not used, only records of these types are dumped; if -r is used, all records except records of these types are dumped. If this switch is not used, all events from the specified sourcename are selected. You cannot use this switch without the -m switch.
• -r. Specifies whether to filter for specific sources or records, or to filter them out.
• -t. Specifies that individual strings are separated by tabs. If -t is not used, strings are separated by spaces.
• -d x. Dumps events for the past x days.
Note: Dumpel can only retrieve content from the system, application, and security log files. You cannot use Dumpel to query content from the File Replication Service, Domain Name System (DNS), or Directory Service event logs.
For other event logging utilities, see:
<ip> is not a valid event log name. "l specifies which log to dump (e.g., security, application, system)" I think you want to use the -m switch for the ip address as well as the event source descriptor.
From Technet:
Dump Event Log Tool (Dumpel.exe)
Dump Event Log is a command-line tool, included in the Windows 2000 Server Resource Kit, Supplement One (Microsoft Press, ISBN: 0-7356-1279-X). It will dump an event log for a local or remote system into a tab separated text file. This file could then be imported into a spreadsheet or database for further investigation. The tool can also be used to filter for or filter out certain event types.
The following syntax is used by the dumpel.exe tool:
dumpel -f file [-s \\server] [-l log [-m source]] [-e n1 n2 n3...] [-r] [-t] [-d x]
Where:
• -f file. Specifies the file name for the output file. There is no default for -f, so you must specify the file.
• -s server. Specifies the server for which you want to dump the event log. Leading backslashes on the server name are optional.
• -l log. Specifies which log (system, application, security) to dump. If an invalid log name is specified, the application log is dumped.
• -m source. Specifies in which source (such as redirector (rdr), serial, and so on) to dump records. Only one source can be supplied. If this switch is not used, all events are dumped. If a source is used that is not registered in the registry, the application log is searched for records of this type.
• -e n1 n2 n3. Filters for event ID nn (up to 10 can be specified). If the -r switch is not used, only records of these types are dumped; if -r is used, all records except records of these types are dumped. If this switch is not used, all events from the specified sourcename are selected. You cannot use this switch without the -m switch.
• -r. Specifies whether to filter for specific sources or records, or to filter them out.
• -t. Specifies that individual strings are separated by tabs. If -t is not used, strings are separated by spaces.
• -d x. Dumps events for the past x days.
Note: Dumpel can only retrieve content from the system, application, and security log files. You cannot use Dumpel to query content from the File Replication Service, Domain Name System (DNS), or Directory Service event logs.
For other event logging utilities, see:
From Technet:
Dump Event Log Tool (Dumpel.exe)
Dump Event Log is a command-line tool, included in the Windows 2000 Server Resource Kit, Supplement One (Microsoft Press, ISBN: 0-7356-1279-X). It will dump an event log for a local or remote system into a tab separated text file. This file could then be imported into a spreadsheet or database for further investigation. The tool can also be used to filter for or filter out certain event types.
The following syntax is used by the dumpel.exe tool:
dumpel -f file [-s \\server] [-l log [-m source]] [-e n1 n2 n3...] [-r] [-t] [-d x]
Where:
• -f file. Specifies the file name for the output file. There is no default for -f, so you must specify the file.
• -s server. Specifies the server for which you want to dump the event log. Leading backslashes on the server name are optional.
• -l log. Specifies which log (system, application, security) to dump. If an invalid log name is specified, the application log is dumped.
• -m source. Specifies in which source (such as redirector (rdr), serial, and so on) to dump records. Only one source can be supplied. If this switch is not used, all events are dumped. If a source is used that is not registered in the registry, the application log is searched for records of this type.
• -e n1 n2 n3. Filters for event ID nn (up to 10 can be specified). If the -r switch is not used, only records of these types are dumped; if -r is used, all records except records of these types are dumped. If this switch is not used, all events from the specified sourcename are selected. You cannot use this switch without the -m switch.
• -r. Specifies whether to filter for specific sources or records, or to filter them out.
• -t. Specifies that individual strings are separated by tabs. If -t is not used, strings are separated by spaces.
• -d x. Dumps events for the past x days.
Note: Dumpel can only retrieve content from the system, application, and security log files. You cannot use Dumpel to query content from the File Replication Service, Domain Name System (DNS), or Directory Service event logs.
For other event logging utilities, see:
- Thread starter
- #6
Thanks for the reply
I agree with the examples that you sent. We have services in the event viewer called ivr_audit_log.
It works for security, application, system but not for ivr_auditlog.
e.g
dumpel -f ivr_auditlog.out -s 192.192.3.1 -l ivr_auditlog
returned
You must specify a log to dump
Cheers
Nozy
I agree with the examples that you sent. We have services in the event viewer called ivr_audit_log.
It works for security, application, system but not for ivr_auditlog.
e.g
dumpel -f ivr_auditlog.out -s 192.192.3.1 -l ivr_auditlog
returned
You must specify a log to dump
Cheers
Nozy
You are correct, that it only recognizes the standard log types and not a custom audit log.
Did you have a chance to read:
I think you could achieve what you want by filtering events and using a different tool than Dumpel:
EventCombMT
EventCombMT is a multi-threaded tool that will parse event logs from many servers at the same time, spawning a separate thread of execution for each server that is included in the search criteria. EventCombMT is included with the Microsoft Windows Server 2003 Resource Kit Tools, for more information see:
Did you have a chance to read:
I think you could achieve what you want by filtering events and using a different tool than Dumpel:
EventCombMT
EventCombMT is a multi-threaded tool that will parse event logs from many servers at the same time, spawning a separate thread of execution for each server that is included in the search criteria. EventCombMT is included with the Microsoft Windows Server 2003 Resource Kit Tools, for more information see:
- Thread starter
- #8
- Thread starter
- #9
- Status