« Previous Next »

• 06-04-2009, 7:43 AM

  freakunleash Joined on 06-04-2009, 7:41 AM Posts 2

  Scaning multiple *.evt file for particular event ID Reply Contact Hi All, I'm new to Logparser & need some help. I have a file server (DAS) where I have enabled Auditing for file creation/deletion. This server have huge amount of data (around 4TB) & I want to track down if anybody has deleted any file from the server. This create huge amount of events in event logs, for that I have created a sechudle task to run a VB Script which runs after every 10 min & save the logs on C drive with "servername-logtype-DDMMYY-HHMM.evt" format. I want the search string to scan multiple security event logs saved on loacl machine to scan for particular event ID. Regards BW

• 06-04-2009, 9:20 AM

  In reply to

  joelangley Joined on 07-20-2008, 6:37 PM Posts 180

  Re: Scaning multiple *.evt file for particular event ID Reply Contact To parse one file you would do something like this (just change to the path and name of your .evt file and update the EventID) Logparser -i:EVT "SELECT * FROM system.evt WHERE  EventID=15" -o:DataGrid To search more than one file, use the multiplex feature. You could do something like: Logparser -i:EVT "SELECT * FROM d:\myEventlogs\*.evt WHERE  EventID=15" -o:DataGrid Let me know if this works. Check out my blog for other cool tips and tricks: http://joelangley.blogspot.com/

• 06-30-2009, 7:49 AM

  In reply to

  freakunleash Joined on 06-04-2009, 7:41 AM Posts 2	Re: Scaning multiple *.evt file for particular event ID Reply Contact Hi Joe, Sorry for replying late. I was not in town. Thanks for your response. It works like a charm. Is it possible to modify it slightly were if i want to find event ID, Users name & computer name all through single command. here is the senario where i want to find event ID 540 of a user "abc" on computer name "xyz"