?
Solved

Logparser 2.2 command line syntax.

Posted on 2007-03-20
4
Medium Priority
?
1,381 Views
Last Modified: 2012-05-05
What i need is a command line syntax using Logparser that i can use to on extracted event logs from domain controllers (.evt format), specifically parsing only the audit failures. All the .EVT files are extracted via script nightly and deposited into a network share i have access to. What i would like to do is deposit all those parsed entries of audit failures from the security logs into a .CSV file i can then look over and find anything that might be of particular interest. Ive already looked at all the different event log management tools, this is the method i am being told to use. Suggestions would be GREATLY appreciated..

Help me out and ill have your babies!
0
Comment
Question by:35armytech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
fostejo earned 2000 total points
ID: 18784886
35armytech,

I'd suggest using the freely available Microsoft DumpEL support tool for this - it's available at http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dumpel.exe

The following example command would list all events where the Source is 'tcpip' and the Event ID is '4201' from an Event Log backup file called 'systemlog.evt'

  dumpel -b -l systemlog.evt -e 4201 -m tcpip

By default, dumpel lists to the screen, using the -f parameter allows you to specify an output file and the -format parameter allows you to control which fields are exported.  The tool can also directly dump local or remote event logs without them having been previously exported..

cheers,
0
 

Author Comment

by:35armytech
ID: 18800006
So would this be a more effective means for dumping relevant field data to an XML file or .CSV for entry into an Access Database or Excel spreadsheet? Ive only been studying logparser since it had come so highly recommended.
0
 
LVL 10

Expert Comment

by:fostejo
ID: 18803131
35armytech,

I'd imagine so; the relevant command is above and could be simply imported into Excel ..

cheers
0
 

Author Comment

by:35armytech
ID: 18803177
Thanks, i appreciate the info.

kudos!
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question