I'd like to monitor some machine's system logs for reboots (event 6009) during the past hour. I already know how to do it for the last 24 hours from the Log Parser 2.1 FAQ (http://www.larkware.com/Articles/LogParser2.0Help.html): D:\>LogParser "SELECT EventLog,
RecordNumber, TimeGenerated, EventID, EventType, EventTypeName, EventCategory, SourceName, ComputerName, Message FROM System WHERE TO_DATE(TimeGenerated) = TO_DATE(SUB(SYSTEM_TIMESTAMP(), TO_TIMESTAMP('01-02', 'MM-dd'))) AND EventID = 6009" Thanks!
Mike
[.....] WHERE TimeGenerated >= SUB(SYSTEM_TIMESTAMP(), TIMESTAMP('01:00:00', 'hh:mm:ss'))
------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
See my other post...I forgot that you need "TO_UTCTIME(TimeGenerated)", since TimeGenerated is in local time, while SYSTEM_TIMESTAMP() is in UTC time.
------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
Anonymous
6623 Posts
How to list events during the past hour?
Feb 09, 2004 10:54 PM|LINK
Anonymous
6623 Posts
Re: How to list events during the past hour?
Feb 10, 2004 12:54 AM|LINK
[.....] WHERE TimeGenerated >= SUB(SYSTEM_TIMESTAMP(), TIMESTAMP('01:00:00', 'hh:mm:ss'))
------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
Anonymous
6623 Posts
Re: How to list events during the past hour?
Feb 10, 2004 03:14 PM|LINK
Didn't get any output. Is the WHERE condition correct?
Anonymous
6623 Posts
Re: How to list events during the past hour?
Feb 10, 2004 03:47 PM|LINK
See my other post...I forgot that you need "TO_UTCTIME(TimeGenerated)", since TimeGenerated is in local time, while SYSTEM_TIMESTAMP() is in UTC time.
------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm"
Anonymous
6623 Posts
Re: How to list events during the past hour?
Feb 10, 2004 10:48 PM|LINK
Awesome, this worked:
logparser "SELECT TimeGenerated, Message FROM System WHERE TO_UTCTIME(TimeGenerated) >= SUB(SYSTEM_TIMESTAMP(), TIMESTAMP('01:00:00','hh:mm:ss'))"
Thanks!
-Mike