Solved

Logparser 2.2 command line syntax.

Posted on 2007-03-20
4
1,367 Views
Last Modified: 2012-05-05
What i need is a command line syntax using Logparser that i can use to on extracted event logs from domain controllers (.evt format), specifically parsing only the audit failures. All the .EVT files are extracted via script nightly and deposited into a network share i have access to. What i would like to do is deposit all those parsed entries of audit failures from the security logs into a .CSV file i can then look over and find anything that might be of particular interest. Ive already looked at all the different event log management tools, this is the method i am being told to use. Suggestions would be GREATLY appreciated..

Help me out and ill have your babies!
0
Comment
Question by:35armytech
  • 2
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
fostejo earned 500 total points
ID: 18784886
35armytech,

I'd suggest using the freely available Microsoft DumpEL support tool for this - it's available at http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dumpel.exe

The following example command would list all events where the Source is 'tcpip' and the Event ID is '4201' from an Event Log backup file called 'systemlog.evt'

  dumpel -b -l systemlog.evt -e 4201 -m tcpip

By default, dumpel lists to the screen, using the -f parameter allows you to specify an output file and the -format parameter allows you to control which fields are exported.  The tool can also directly dump local or remote event logs without them having been previously exported..

cheers,
0
 

Author Comment

by:35armytech
ID: 18800006
So would this be a more effective means for dumping relevant field data to an XML file or .CSV for entry into an Access Database or Excel spreadsheet? Ive only been studying logparser since it had come so highly recommended.
0
 
LVL 10

Expert Comment

by:fostejo
ID: 18803131
35armytech,

I'd imagine so; the relevant command is above and could be simply imported into Excel ..

cheers
0
 

Author Comment

by:35armytech
ID: 18803177
Thanks, i appreciate the info.

kudos!
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Register AutoHotkey 12 59
Run MS Access Module from Macro / Bat File 9 76
Running VB/Batch script through Group policy 30 80
Auto-indent certain lines in Notepad++ 10 35
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
The viewer will learn how to dynamically set the form action using jQuery.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now