« Previous Next »

• 04-27-2009, 11:12 AM

  rlawson Joined on 04-27-2009, 11:06 AM Posts 2	Logparser 2.2 Reply Contact If logparser 2.2 compatible with windows 2008/64bit? to see security .evt logs I I am using logparser 2.2 and it was working perfect until the domain controllers were upgraded to windows 2008 64bit, now I get a file is corrupt. Need help  Thanks
  	Tags: EVT input formatinput formatlogparser

• 04-27-2009, 10:20 PM

  In reply to

  joelangley Joined on 07-20-2008, 6:37 PM Posts 180	Re: Logparser 2.2 Reply Contact  yes, it does work on 64 bit. The evt logs are different in vista and win2008...refer here: http://blogs.msdn.com/carloc/archive/2008/06/10/logparser-event-logs-on-vista-windows-2008.aspx Check out my blog for other cool tips and tricks: http://joelangley.blogspot.com/

• 04-28-2009, 11:51 AM

  In reply to

  rlawson Joined on 04-27-2009, 11:06 AM Posts 2

  Re: Logparser 2.2 Reply Contact Mr. Langley   Is wevtutil a utility that I have to download, I am working on a window XP, and the logs that I am retrieving are on a syslog server, this is where the files are dumped from a DomainController which has been upgrated to windows 2008/64bit server. The commands I'm using is as follow: logparser -i:EVT -o:CSV "Select EventID, EventTypeName, TimeGenerated, ComputerName, Strings INTO DCSTL02-Apr17results.csv FROM DCSTL02-4-18-2009*.evt WHERE (EventID = '517') OR (EventID = '529') OR (EventID = '531') OR (EventID = '535') OR (EventID = '539') OR (EventID = '624') OR (EventID = '627') OR (EventID = '628') OR (EventID = '630') OR (EventID = '633') OR (EventID = '642') OR (EventID = '644')" And I get a corrupt file. I tried using "wevtutil epl Dcstl02-4-18-2009.evt Dcstl02-4-18-2009.evtx/if:true" , but I get "is not recognized as an internal or external command operable program or batch file." I need your help. Thanks