asked on Recommend a Windows server log analyser
Hi Experts
Can you recommend a good (free) basic Windows Event log analyser
I am looking for something simple, to perform on demand analysis
I have a server which generated 25K event in 4 days and I would like to analyse the logs (possibly offline as the server itself is getting old and slow)
Any suggestion ?
Alexandre
Can you recommend a good (free) basic Windows Event log analyser
I am looking for something simple, to perform on demand analysis
I have a server which generated 25K event in 4 days and I would like to analyse the logs (possibly offline as the server itself is getting old and slow)
Any suggestion ?
Alexandre
Windows Server 2008Windows OSIT Administration
Last Comment
Alexandre Michel
Is it always the same Event ID?
always first try something official from MS: Log Parser 2.2, a SQL-like query engine for collecting logs from varied sources.
https://technet.microsoft.com/en-au/scriptcenter/dd919274.aspx
https://technet.microsoft.com/en-au/scriptcenter/dd919274.aspx
ASKER
Benjamin
No, it is not always the same event, there are lots of different event IDs
Bing,
Thanks for that. It looks promising. I will look into it.
No, it is not always the same event, there are lots of different event IDs
Bing,
Thanks for that. It looks promising. I will look into it.
ASKER
Bing,
Log Parser 2.2 seems to be a Command Line based tool. Is that correct? Any GUI that you know of?
Log Parser 2.2 seems to be a Command Line based tool. Is that correct? Any GUI that you know of?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Hi,
you may also try Event Log Consolidator tool from SolarWinds - http://www.solarwinds.com/free-tools/event-log-consolidator
It is an efficient tool (GUI) to help you organize event logs in SMBs.
you may also try Event Log Consolidator tool from SolarWinds - http://www.solarwinds.com/free-tools/event-log-consolidator
It is an efficient tool (GUI) to help you organize event logs in SMBs.
ASKER
Damjan, thanks for the suggestion. I tried it ... but cannot get it to look at Windows "Application Event" logs. It seems to only look at the "File Replication Service" log for some reason...
Bing, the Log Parser studio looks great ... but ... I need to know SQL query to use it! Which I don't ... Luckily there are a number of samples I can use. This allowed me to create a first meaningful analysis
Bing, the Log Parser studio looks great ... but ... I need to know SQL query to use it! Which I don't ... Luckily there are a number of samples I can use. This allowed me to create a first meaningful analysis
ASKER
Bing
Are you familiar with SQL & Log Parser or should I ask a new question?
I would like to modify this query to only use the last nn entries or the entries since xx (date & time)
Also is there a way to restrict the report to only items whose Count is > 100 ?
Are you familiar with SQL & Log Parser or should I ask a new question?
I would like to modify this query to only use the last nn entries or the entries since xx (date & time)
SELECT SourceName,
BIT_AND(EventID, 0x3fffffff) as EventID,
EventTypeName,
COUNT(*) As Entries
FROM APPLICATION
GROUP BY SourceName, EventID, EventTypeName
ORDER BY Entries DESC
Also is there a way to restrict the report to only items whose Count is > 100 ?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks for that Bing