Pull warnings/errors from event viewer via script
Hi Experts. Much like another question I just asked, I was curious how I could go about using a script or batch file to look through a computers event viewer and export/dump the errors and warnings for a particular time period (last 2 months/1 month/1week, etc).
This would be for Windows based OS's. Since I am not a programmer/scripter, I appreciate your help and patience with this!
This would be for Windows based OS's. Since I am not a programmer/scripter, I appreciate your help and patience with this!
ASKER
Thanks erik_nodland. So I install this on the pc and then run the command you wrote?
Yep. Just install it and then run the command from the directory where it was installed.
cheers
Erik
cheers
Erik
ASKER
I was able to create a quick batch file which launches the parcer app and gets the command switches to run except I am getting this error message:
Error: Syntax Error: extra token(s) after query: 'into'
Thoughts?
Error: Syntax Error: extra token(s) after query: 'into'
Thoughts?
ASKER
Quick snapshot of the script
cd\
cd "c:\program files\log parser 2.2"
logparser -i:evt -o:csv "SELECT EventLog, RecordNumber, TimeGenerated, EventID,EventType, EventTypeName, EventCategory, SourceName,ComputerName, Message FROM Application where TimeGenerated > '2010-07-06 00:00:00' into test.csv"
pause
ASKER
Got it!
Made a quick change to your command (see below):
logparser -i:evt -o:csv "SELECT EventLog, RecordNumber,
TimeGenerated, EventID,
EventType, EventTypeName, EventCategory, SourceName,
ComputerName, Message into test.csv FROM Application where TimeGenerated > '2010-07-06 00:00:00'"
Made a quick change to your command (see below):
logparser -i:evt -o:csv "SELECT EventLog, RecordNumber,
TimeGenerated, EventID,
EventType, EventTypeName, EventCategory, SourceName,
ComputerName, Message into test.csv FROM Application where TimeGenerated > '2010-07-06 00:00:00'"
cd\
cd "c:\program files\log parser 2.2"
logparser -i:evt -o:csv "SELECT EventLog, RecordNumber, TimeGenerated, EventID,EventType, EventTypeName, EventCategory, SourceName, ComputerName, Message INTO test.csv FROM Application where TimeGenerated > '2010-07-06 00:00:00'"
ASKER
my ref: http://technet.microsoft.com/en-us/library/ee692659.aspx
C:\>LogParser "SELECT TimeGenerated, SourceName,
EventCategoryName, Message INTO report.txt FROM Security WHERE
EventID = 528 AND SID LIKE '%TESTUSER%'" -resolveSIDs:ON
Thanks for your help!!
C:\>LogParser "SELECT TimeGenerated, SourceName,
EventCategoryName, Message INTO report.txt FROM Security WHERE
EventID = 528 AND SID LIKE '%TESTUSER%'" -resolveSIDs:ON
Thanks for your help!!
ASKER
@erik, if you copy/paste what I put in 33612546 into a new comment, I can accept your answer and award points.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help!! Hope to work with you again!
-Aaron
-Aaron
Another tool you could look at for this job:
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
~bp
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
~bp
The easiest way is to use something like log parser. You can download it from here
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
You can use this to get all sorts of information. To query your application event log for the last 2 months just do
logparser -i:evt -o:csv "SELECT EventLog, RecordNumber,
TimeGenerated, EventID,
EventType, EventTypeName, EventCategory, SourceName,
ComputerName, Message
FROM Application
where TimeGenerated > '2010-07-06 00:00:00' into test.csv"
This should export it out to a CSV file called test.csv
HTH
Erik