General Discussion

Re: Scaning multiple *.evt file for particular event ID

freakunleash — Tue, 30 Jun 2009 11:49:50 GMT

Hi Joe, Sorry for replying late. I was not in town. Thanks for your response. It works like a charm. Is it possible to modify it slightly were if i want to find event ID, Users name & computer name all through single command. here is the senario where i want to find event ID 540 of a user "abc" on computer name "xyz"

Re: Scaning multiple *.evt file for particular event ID

joelangley — Thu, 04 Jun 2009 13:20:58 GMT

To parse one file you would do something like this (just change to the path and name of your .evt file and update the EventID)

Logparser -i:EVT "SELECT * FROM system.evt WHERE EventID=15" -o:DataGrid

To search more than one file, use the multiplex feature. You could do something like:

Logparser -i:EVT "SELECT * FROM d:\myEventlogs\*.evt WHERE EventID=15" -o:DataGrid

Let me know if this works.

Scaning multiple *.evt file for particular event ID

freakunleash — Thu, 04 Jun 2009 11:43:44 GMT

Hi All, I'm new to Logparser & need some help. I have a file server (DAS) where I have enabled Auditing for file creation/deletion. This server have huge amount of data (around 4TB) & I want to track down if anybody has deleted any file from the server. This create huge amount of events in event logs, for that I have created a sechudle task to run a VB Script which runs after every 10 min & save the logs on C drive with "servername-logtype-DDMMYY-HHMM.evt" format. I want the search string to scan multiple security event logs saved on loacl machine to scan for particular event ID. Regards BW