
Searching Event Log with eventquery.vbs is weak, have a better way?


meekrob

MIS
Feb 13, 2002
127
US
I'd like to be able to search my event log for a regular expression, much like grepping a Unix log. I found the tool "eventquery.vbs" (described here: ). But it seems that you can only filter on the event type, date and so forth. Am I wrong?

So I'd like to get input from the community; what tools do you use to search your log? I'm looking for:

1.) Built in Microsoft tools. (like eventquery.vbs)
2.) Free third party tools.
3.) Commercial third party tools.

in that order of preference ...

Currently I save my logs, then use grep with a cygwin shell. But installing cygwin isn't an option on every server I support.

Thank you!
 
Thanks!

"The world is your database with Log Parser."

Wow.

I am marginally familiar with SQL commands, but this looks good. Can you help me with a query that will search all the event logs and all fields for a certain string?
 
I haven't used it in a while as I have it all scripted and don't pay much attention to it; you really need to read the docs and play with the syntax. Here is something I do regularly with it, and it may give you a good starting point.

logparser "SELECT * FROM \\servername\security WHERE EventID = 529 AND TimeGenerated > '2006-07-25 00:00:01' AND TimeGenerated < '2006-08-07 00:00:00'" -i:EVT -o:CSV >servername.txt

A basic SELECT statement against a remote server's event log for a specific event ID, between two dates; it saves the result as a comma-delimited text file that I then import into Excel and delete the columns I don't want to see. I then import this info into a SQL database and create Crystal Reports and make it all pretty for auditors.

RoadKi11
 
Hi,

Last week I discovered the MS W2K3 resource kit tool EventCombMT. It's a great tool. You can search on many different qualifiers. Last week I searched 60+ servers, over a million event viewer entries, for a specific string in about 25 minutes!


EventCombMT is a multithreaded tool that you can use to search the event logs of several different computers for specific events, all from one central location. You can configure EventCombMT to search the event logs in a very detailed fashion. The following are some of the search parameters that you can specify:

• Individual event IDs
• Multiple event IDs
• A range of event IDs
• An event source
• Specific event text
• How many minutes, hours, or days back to scan


Find out more about it here:

and download it from here:


If you need any help let me know!

Dan
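For readers who want the regex search the original question asked for using only built-in tools, here is an added example (not code from this thread, nor from Log Parser or EventCombMT). It combines what the two replies above do: the date window and event-log query from the Log Parser command, and the multi-server, specific-text search that EventCombMT offers. It assumes Windows PowerShell 2.0 or later with Get-WinEvent (Windows Vista / Server 2008 or newer); the server names and the pattern are placeholders to replace with your own.

```powershell
# Added example: regex search of Windows event logs across several servers and
# logs within a time window, using only built-in PowerShell (Get-WinEvent).
# $Servers and $Pattern are placeholders, not values from the thread.

$Servers = 'SERVER01', 'SERVER02'            # placeholder server names
$Logs    = 'Security', 'System', 'Application'
$Pattern = 'logon failure|account locked'    # case-insensitive .NET regex
$Start   = (Get-Date).AddDays(-7)            # "how many days back to scan"
$End     = Get-Date

$Results = foreach ($Server in $Servers) {
    foreach ($Log in $Logs) {
        try {
            # FilterHashtable does the log and date filtering on the server side,
            # which is far cheaper than pulling every record and filtering locally.
            Get-WinEvent -ComputerName $Server -FilterHashtable @{
                LogName   = $Log
                StartTime = $Start
                EndTime   = $End
            } -ErrorAction Stop |
            Where-Object {
                # Apply the regex to the text fields, not just the Message body
                ($_.Message      -match $Pattern) -or
                ($_.ProviderName -match $Pattern) -or
                ([string]$_.Id   -match $Pattern)
            } |
            Select-Object @{ Name = 'Server'; Expression = { $Server } },
                          LogName, TimeCreated, Id, ProviderName, Message
        }
        catch {
            # Get-WinEvent throws when nothing matches the filter; that is not
            # an error for our purposes, so only report other failures.
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$Server/$Log : $($_.Exception.Message)"
            }
        }
    }
}

# Same idea as the Log Parser -o:CSV output: keep a file for Excel or a database
$Results | Export-Csv -Path .\eventsearch.csv -NoTypeInformation
$Results | Format-Table -AutoSize
```

Note that `-match` is a full regular expression, which is what the question asked for; the nearest Log Parser equivalent is a substring test such as `WHERE Message LIKE '%string%'` on the fields its EVT input format exposes (Message, Strings, SourceName and so on), not a regex. Keep the date window narrow on busy Security logs: the regex runs locally over every record the server returns, so the hashtable filter is what keeps the search fast across many servers.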
 
Danfall33,

Thanks! This tool works really well. It's simple and a bit limited, but exactly what I need for this task. Thanks for the intro.
 