Advanced Event Log Viewer

NGPSoft1
NGPSoft1 used Ask the Experts™
on
I am looking for an event log viewer that will allow me to filter the results based on a keyword in the description.  I know that you can use the Window Event Viewer and MyEventViewer from NirSoft to find the next record but I am looking to filter the results so that I can view them all together.

The tool must also have a GUI to displays the results.

Does this type of tool exist?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Brian PiercePhotographer
Awarded 2007
Top Expert 2008

Commented:
There is a FILTER option in the event viewer itself - won't that do ?

Author

Commented:
Does that filter option allow you to filter based on the description?  Take the log below.  How would I filter based on the word "NTPClient" located in the description?

Log Name:      System
Source:        Microsoft-Windows-Time-Service
Date:          9/24/2010 12:00:31 AM
Event ID:      129
Task Category: None
Level:         Warning
Keywords:      
User:          LOCAL SERVICE
Computer:      mycomputer.mydomain.com
Description:
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
    <EventID>129</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-09-24T04:00:31.739254600Z" />
    <EventRecordID>15250</EventRecordID>
    <Correlation />
    <Execution ProcessID="1180" ThreadID="3256" />
    <Channel>System</Channel>
    <Computer>ULLR.ngpsoftware.com</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData Name="TMP_EVENT_DOMAIN_PEER_DISCOVERY_ERROR">
    <Data Name="ErrorMessage">The entry is not found. (0x800706E1)</Data>
    <Data Name="RetryMinutes">3473457</Data>
  </EventData>
</Event>

Author

Commented:
Thalarctos, your suggestion works perfectly.

KCTS, if you can tell me how to use Event Viewer itself to filter based on the description I will split the points.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial