read Windows 7 and 2008 Setup event log
Last post Nov 26, 2014 09:20 AM by Perkinsville
Nov 25, 2014 12:53 PM|sspeed
I'm trying to use LogParser to read the 2008 Windows Setup log from a Windows 2008 machine, but it's failing.
C:\Program Files (x86)\Log Parser 2.2>logparser -i:evt "select * from \\server1\Setup"
Error: Error retrieving files: Error searching for files in folder \\server1\Setup: The network name cannot be found.
It appears that this is because the new Windows 7/2008 logs do not have a registry entry under:
So, to test I created a key:
and subsequent REG_EXPAND_SZ entry
File : %SystemRoot%\system32\winevt\Logs\Setup.evtx
and then ran LogParser against it again. I got farther, but I'm missing the definitions, which I'm guessing are specified with "DisplayNameFile" and "DisplayNameID", but I don't know what they are. The output I get after adding those entries is:
Setup 463 2013-01-04 13:34:01 2013-01-04 13:34:01 3 0 Success event 0 None Microsoft-Windows-Servicing KB2758857|5064|Staged|0x800f0816|WindowsUpdateAgent server1 S-1-5-18 The description for Event ID 3 in Source "Microsoft-Windows-Servicing" cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer <NULL>
How can I parse the Windows 7 and 2008 Setup logs using Microsoft LogParser?
Nov 26, 2014 09:20 AM|Perkinsville
You might want to try LogParser Lizard; it formats and configures LogParser for you and has some nice default scripts.