LogParser comes to mind when I have to deal with remote event logs...

On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel <skra...@zetetic.net> wrote:
> Hi list,
>
> I'm pleased to have something new to share that I think a lot of you
> will find useful; having been frustrated by the slow speed of
> EventCombMT and the ponderous behavior of the Event Log MMC snap-in
> when trying to do everyday things like diagnose account lockouts and
> AD object changes, I knew there had to be a better way...
>
> If you're on a Server 2008+ [*] environment and don't mind breaking
> out a command shell window, here is that better way:
> http://zetetic.net/products/events
>
> As a sample use case, the command "ZeShell -e
> delete,after=20-july-2011" will scan all of your domain's read-write
> domain controllers, in parallel, for AD object deletions since July
> 20. Or you can give it a list of event IDs in the familiar
> "1,2,3,5-10" format. Just type "ZeShell -?" for details. You'll need
> to be in the "Event Log Readers" group (or have Admin or DA access)
> for each machine you want to query.
>
> Please try it out, kick the tires, let me know what you think! I
> promise you will find this to be *much* faster than the built-in log
> viewer. We're absolutely open to ideas and suggestions too.
>
> Thanks,
> Steve
>
> [*] This tool is also able to query the Event Log on 2003 / XP hosts,
> but it will not do so with the same speed and efficiency as querying
> Server 2008, Vista, Win7, or newer, due to limitations of the older
> eventing service.
>
> --
> skra...@zetetic.net
> Philadelphia, PA
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>