Solved

Logparser 2.2 command line syntax.

Posted on 2007-03-20
4
1,366 Views
Last Modified: 2012-05-05
What i need is a command line syntax using Logparser that i can use to on extracted event logs from domain controllers (.evt format), specifically parsing only the audit failures. All the .EVT files are extracted via script nightly and deposited into a network share i have access to. What i would like to do is deposit all those parsed entries of audit failures from the security logs into a .CSV file i can then look over and find anything that might be of particular interest. Ive already looked at all the different event log management tools, this is the method i am being told to use. Suggestions would be GREATLY appreciated..

Help me out and ill have your babies!
0
Comment
Question by:35armytech
  • 2
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
fostejo earned 500 total points
ID: 18784886
35armytech,

I'd suggest using the freely available Microsoft DumpEL support tool for this - it's available at http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dumpel.exe

The following example command would list all events where the Source is 'tcpip' and the Event ID is '4201' from an Event Log backup file called 'systemlog.evt'

  dumpel -b -l systemlog.evt -e 4201 -m tcpip

By default, dumpel lists to the screen, using the -f parameter allows you to specify an output file and the -format parameter allows you to control which fields are exported.  The tool can also directly dump local or remote event logs without them having been previously exported..

cheers,
0
 

Author Comment

by:35armytech
ID: 18800006
So would this be a more effective means for dumping relevant field data to an XML file or .CSV for entry into an Access Database or Excel spreadsheet? Ive only been studying logparser since it had come so highly recommended.
0
 
LVL 10

Expert Comment

by:fostejo
ID: 18803131
35armytech,

I'd imagine so; the relevant command is above and could be simply imported into Excel ..

cheers
0
 

Author Comment

by:35armytech
ID: 18803177
Thanks, i appreciate the info.

kudos!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

You may have already been in the need to update a whole folder stucture using a script. Robocopy does it well and even provides a list of non-updated files in a log (if asked to). Generally those files that were locked by a user or a process by the …
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now