probe this: LogParser "SELECT TimeGenerated, EventId,EventTypeName, EventCategoryName, extract_token(strings,10,'|') as UserName, extract_token(strings,2,'|') as File INTO security.txt FROM \\remoteserver\Security WHERE extract_token(string,1,'|') like 'File' and File = 'D:\data\Public\apps\Research...

I'm developing an application that loads event logs into SQL Server 2005 using the LogParser 2.2 COM interface - this all works fine. However, I am supplied with binary EVT files from a large number of servers / clients running Win2003, WinXP and Vista and depending upon which platform the files are...

Must Be: WHERE TimeGenerated BETWEEN TO_TIMESTAMP('2007-05-22 00:00:01', 'yyyy-MM-dd hh:mm:ss') AND TO_TIMESTAMP('2007-05-24 23:59:59', 'yyyy-MM-dd hh:mm:ss') Probe!

I'm struggling with querying for all events on a certain date. I've tried to use "between" on the timegenerated fields, but it's difficult. I actually just need a count of all events on a single day. Here's what I've got so far: logparser -i:evt -o nat "select count(*) from system where timegenerated...

I have two issues here to address, both related to the hanging of remote queries. For starters I'm using C++ to communicate to the COM API of log parser. I'm able to create a LogQuery object, collect event log data both locally and remotely for a large list of hosts. My first problem is that even though...

I have discovered something but have not found an answer for it. It appears that when I run the job to collect the data on Monday logparser crashes. I have found that if I remove the CheckPoint file the job will then run. I then looked in the event log of the machine it was running against and found...

Hello, I am auditing a particular file for successful access. I can use the follwoing to get all 560 events, but I would like to narrow the search to just the particular file I am auditing: LogParser "SELECT TimeGenerated, SourceName, EventCategoryName, EventType, Message INTO security.txt FROM \\remoteserver...

It is the only way I know of. You can use an AD query tool (or even LP itself) to query for a list of computers and feed that list in to LP.

Is it possible to parse an entire workgroup or domain? I know you can use UNC notation i.e. \\systemname\security but what if I want to scan the entire network? Is having a list of computer to feed into Log Parser the only way? Thanks!!

Hi, Why not use SQL (Express)? If the front-end has to be Access, you might get lucky with linked tables. HTH