BDizzle
asked on
Search Multiple Event Log Files
I am saving my file share audit log files in 20 MB increments to a share. They are .EVT format (classic Windows event log). I can easily convert them to .EVTX, but I occasionally need to search 4 days' worth of logs for a specific entry. I really have no easy method of searching 100 .EVT or .EVTX files for a specific entry. Any help would be greatly appreciated.
Maybe something like this: http://www.manageengine.com/products/eventlog
Have you looked at logparser?
http://www.microsoft.com/en-us/download/details.aspx?id=24659
You should be able to use a for loop to run it against multiple files, e.g. something like this (sorry, not got it to hand to test at the mo.)
Steve
@echo off
rem Walk every .evt under the audit share and convert each one with Log Parser.
cd /d "C:\root\of\evt area"
for /f "tokens=*" %%f in ('dir /b /a-d /s *.evt') do (
echo Looking at %%f
rem -c is Log Parser's conversion mode: input file first, then output file.
rem Each input gets its own <name>.csv so later files do not overwrite earlier output.
"c:\program files\log parser 2.2\logparser.exe" -c -i:EVT -o:CSV "%%~f" "%%~dpnf.csv"
)
and build your query into logparser command, or export the lot to CSV or whatever and search that.
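As an added example (not part of the thread and not Steve's script): the same loop in PowerShell using the built-in Get-WinEvent cmdlet, which reads saved .evt and .evtx files directly, so no conversion is needed. It filters each file on an Event ID and an optional message substring and writes every hit to one CSV. The folder path, Event ID 4663 and the file name in the pattern are placeholder values, not taken from the thread.

```powershell
# Added example: search every .evt/.evtx under a folder for matching events.
# Assumes PowerShell 3+ and Get-WinEvent; all parameter defaults are placeholders.
param(
    [string]$LogDir  = 'C:\root\of\evt area',            # placeholder, same as the batch example
    [int[]] $EventId = @(4663),                          # assumed ID (object access); set to your audit policy
    [string]$Pattern = '\\server\share\secret.xlsx',     # assumed substring to look for in the message
    [string]$OutCsv  = 'hits.csv'
)

$files = Get-ChildItem -Path $LogDir -Recurse -File -Include *.evt, *.evtx

$hits = foreach ($f in $files) {
    Write-Host "Looking at $($f.FullName)"
    try {
        # -Oldest is required when reading from saved .evt files.
        Get-WinEvent -FilterHashtable @{ Path = $f.FullName; Id = $EventId } -Oldest -ErrorAction Stop |
            Where-Object { -not $Pattern -or $_.Message -like "*$Pattern*" } |
            Select-Object @{ n = 'File'; e = { $f.Name } }, TimeCreated, Id, ProviderName, Message
    } catch {
        # A file with no matching records raises "No events were found"; anything else is worth a warning.
        if ($_.Exception.Message -notmatch 'No events were found') {
            Write-Warning "$($f.Name): $($_.Exception.Message)"
        }
    }
}

$hits | Export-Csv -Path $OutCsv -NoTypeInformation
"$(@($hits).Count) matching event(s) written to $OutCsv"
```

Leaving $Pattern empty returns every event with the given ID, which is useful for a first pass before narrowing on a path or account name.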
ASKER
I had tried the eventlog parser with no success. I probably had the syntax wrong... I will look at some of those tools listed.
ASKER
Installed Splunk, and indexed within 20 minutes. Found what I needed right away! Thanks!