Friday, September 5, 2008

Log Parser Fun

Recently I needed to interrogate the event logs of about 80 servers for a particular event. Well, Windows doesn't exactly make that sort of thing easy. Being a fan of the free tool Log Parser, I was able to make pretty short work of what could have been a very time-consuming task.

First I set about getting the names of all my servers into a text file called servers.txt (each server on a new line).

Then I used a simple FOR loop with Log Parser to rip through the servers' event logs and look for the particular event. Any instances it found I placed into a new log file. The FOR loop I used was simply:

FOR /f %i in (c:\servers.txt) do @LogParser.exe -i:EVT -o:CSV "SELECT ComputerName, Message FROM \\%i\System WHERE EventID = 531" >>c:\event-capture.log

The script can be run directly from the command line. All it does is loop through the servers looking for event 531 in the System event log and append the computername and message fields, in CSV format, to a text file called event-capture.log.
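An added example, not part of the original post: Python that checks event-capture.log against servers.txt, counting hits per server and listing servers that produced no rows. It assumes each appended run may repeat the CSV header row and that servers.txt may hold FQDNs while the log records short names; the function names and sample data are constructed.

```python
import csv
import io
from collections import Counter

HEADER = "COMPUTERNAME"  # first column name from the SELECT in the loop

# Constructed sample input standing in for c:\servers.txt and c:\event-capture.log
SAMPLE_SERVERS = "SRV01\nsrv02.example.local\nSRV03\n"
SAMPLE_CAPTURE = '''ComputerName,Message
SRV01,"Constructed message one, with a comma"
SRV01,Constructed message two
ComputerName,Message
srv02,Constructed message three

SRV99,Constructed message four
'''


def short_name(host):
    """Normalise an FQDN or UNC-style name to an upper-case short name."""
    return host.strip().lstrip("\\").split(".")[0].upper()


def summarize(servers_text, capture_text):
    """Return (hits per server, servers with no rows, hosts not in the list)."""
    expected = [short_name(s) for s in servers_text.splitlines() if s.strip()]
    hits, unexpected = Counter(), Counter()
    for row in csv.reader(io.StringIO(capture_text, newline="")):
        if len(row) < 2:
            continue  # blank line or other non-record text
        host = short_name(row[0])
        if host == HEADER:
            continue  # header row repeated by an appended run
        (hits if host in expected else unexpected)[host] += 1
    # No rows may mean "no matching event" or "server never read": recheck these.
    silent = [s for s in expected if s not in hits]
    return dict(hits), silent, dict(unexpected)


if __name__ == "__main__":
    hits, silent, unexpected = summarize(SAMPLE_SERVERS, SAMPLE_CAPTURE)
    print("hits:", hits)
    print("no rows (recheck):", silent)
    print("not in servers.txt:", unexpected)
```

To run it on real output, read both files (opening the capture with newline="") and pass their contents to summarize().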

And that's pretty much it on Log Parser for now.

I do recommend the Log Parser book from Syngress Publishing for some really funky uses of Log Parser, and a nice post from George Starcher can be found here on integrating Log Parser with other tools for some real geeky fun!

Log Parser is a free tool and can be downloaded from here. Whilst googling around I came across another free tool that is like a GUI front end for Log Parser called Log Parser Lizard. It's well worth a look and can be found here.

1 comment:

Anonymous said...

This is stylish! Thanks!