Who? Steve? I wouldn't say that.
Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Steven Peck [mailto:sep...@gmail.com] Sent: Wednesday, July 27, 2011 2:33 PM To: NT System Admin Issues Subject: Re: Free tool for querying remote Windows Event Logs He's a spammer. On Wed, Jul 27, 2011 at 11:30 AM, Rubens Almeida <rubensalme...@gmail.com<mailto:rubensalme...@gmail.com>> wrote: LogParser comes to mind when I have to deal with remote event logs... On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel <skra...@zetetic.net<mailto:skra...@zetetic.net>> wrote: > Hi list, > > I'm pleased to have something new to share that I think a lot of you > will find useful; having been frustrated by the slow speed of > EventCombMT and the ponderous behavior of the Event Log MMC snap-in > when trying to do everyday things like diagnose account lockouts and > AD object changes, I knew there had to be a better way... > > If you're on a Server 2008+ [*] environment and don't mind breaking > out a command shell window, here is that better way: > http://zetetic.net/products/events > > As a sample use case, the command "ZeShell -e > delete,after=20-july-2011" will scan all of your domain's read-write > domain controllers, in parallel, for AD object deletions since July > 20. Or you can give it a list of event IDs in the familiar > "1,2,3,5-10" format. Just type "ZeShell -?" for details. You'll need > to be in the "Event Log Readers" group (or have Admin or DA access) > for each machine you want to query. > > Please try it out, kick the tires, let me know what you think! I > promise you will find this to be *much* faster than the built-in log > viewer. We're absolutely open to ideas and suggestions too. > > Thanks, > Steve > > [*] This tool is also able to query the Event Log on 2003 / XP hosts, > but it will not do so with the same speed and efficiency as querying > Server 2008, Vista, Win7, or newer, due to limitations of the older > eventing service. > > -- > skra...@zetetic.net<mailto:skra...@zetetic.net> > Philadelphia, PA > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin