It does not appear that you can sent the output of queryies of event logs into local files. I am tyring: C:\Program Files\Log Parser 2.2>logparser -i:EVT -o:CSV "SELECT TimeGenerated, EventID, SourceName, Message INTO c:\downloads\test.csv FROM \\Server\application WHERE EventTypeName = 'Error event...

The problem isn't with the format of the date string you are building. The problem is that LP doesn't compare fields of a data type TIMESTAMP to strings. It will only compare them to other TIMESTAMP fields (or DATE or TIME but that is beside the point. Try modifying the code where you inject date2 and...

I am using a VBS script to run a log parser query. I am having a problem with the date function problem. For some reason I keep getting a not valid W3C timestamp. Below is my code. '-------------------------------------------------------------------------------------------------------- ' ' VBS File Name...

It may be easier to run Log Parser on each machine locally and roll-up the output to a central machine. I believe setting up Log Parser as a scheduled task may be easier than the approach you are looking at (much of the permissions would happen at setup).

There isn't really any other way around it. LP uses the IPC$ share to communicate with the remote machine. the IPC$ share by default is configured to only be accessible by people in the administrators group. You can certainly use local account impersonation by creating a local account with the same name...

Quite a few times people seem to have asked this question: How can I access eventlogs on a remote server use logParser? The anwser seems to be that the user running logparser needs to have admin rights on the remote machine. Alas this is not always so easy. Imagine this: I want to build a tool that monitors...

Did you try looking at the error message returned from this query? It seems pretty straight-forward to me when I tried running it. Error: WHERE clause: Syntax Error: unknown field 'error' You have "where eventtypename=error". Since error isn't in quotes, it is trying to find a field named that. Maybe...

this is what I got and it still does not work for /f %%i in (servers.txt) do logparser "select TimeGenerated,EventID,EventType,EventTypeName,Strings,ComputerName,Message into eventlogs.csv from \\%%i\application where eventtypename=error and timegenerated >= to_localtime (sub(system_timestamp(), timestamp...

this is what I got and it still does not work for /f %%i in (servers.txt) do logparser "select TimeGenerated,EventID,EventType,EventTypeName,Strings,ComputerName,Message into eventlogs.csv from \\%%i\application where eventtypename=error and timegenerated >= to_localtime (sub(system_timestamp(), timestamp...

Hello, Currently, I want to monitor the activity of different Windows version. I would a clean script with Logon and Logoff user, I create the following request : SELECT TO_DATE(TimeGenerated) AS Date, TO_TIME(TimeGenerated) AS Time, CASE EventID WHEN 528 THEN 'Logon' WHEN 551 THEN 'Logout' END AS Action...