Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Searching Event Log with eventquery.vbs is weak, have a better way? 2

Status
Not open for further replies.
meekrob

meekrob

MIS
Feb 13, 2002
127
US
I'd like to be able to search my event log for a regular expression, much like grepping a Unix log. I found the tool "eventquery.vbs" (described here: ). But it seems that you can only filter on the event type, date and so forth. Am I wrong?

So I'd like to get input from the community; what tools do you use to search your log? I'm looking for:

1.) Built in Microsoft tools. (like eventquery.vbs)
2.) Free third party tools.
3.) Commercial third party tools.

in that order of preference ...

Currently I save my logs, then use grep with a cygwin shell. But installing cygwin isn't an option on every server I support.

Thank you!
 
Sort by date Sort by votes
Thanks!

"The world is your database with Log Parser."

Wow.

I am marginally familiar with SQL commands, but this looks good. Can you help me with a query that will search all the event logs and all fields for a certain string?
 
Upvote 0 Downvote
I havent use it in a while as I have it all scripted and don’t pay much attention to it, you really need to read the docs and play with the syntax. Here is something i do regularly with it and may give you a good starting point.

logparser "SELECT * FROM \\servername\security WHERE EventID = 529 AND TimeGenerated > '2006-07-25 00:00:01' AND TimeGenerated < '2006-08-07 00:00:00'" -i:EVT -o:CSV >servername.txt

a basic select statement against a remote servers eventlog for a specific eventid, between two dates, and it saves it as a comma delimited text file that i then import into excel and delete the columns i dont wont to see. i then import this info into a sql database and created crystal reports and make it all pretty for auditors.

RoadKi11
 
Upvote 0 Downvote
Hi,

Last week I discoverd the MS W2K3 resource kit tool
eventcombmt. It's a great tool. You can search on many different quailifiers. Last week I searched 60+ servers, over a million event viewer entries for a specfic string in about 25 minutes!


EventCombMT is a multithreaded tool that you can use to search the event logs of several different computers for specific events, all from one central location. You can configure EventCombMT to search the event logs in a very detailed fashion. The following are some of the search parameters that you can specify:• Individual event IDs
• Multiple event IDs
• A range of event IDs
• An event source
• Specific event text
• How many minutes, hours, or days back to scan


Find out more about it here:

and download it from here:


If you need any help let me know!

Dan
 
Upvote 0 Downvote
Danfall33,

Thanks! This tool works really well. It's simple and a bit limited, but exactly what I need for this task. Thanks for the intro.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
467
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
399
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
270
DrB0b
DrB0b
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
108
RRankin355
RRankin355
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
137
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top