LogParser is definitely very powerful--much, much more flexible, in
fact--it is sort of a mini-ETL tool.  On the other hand, it hasn't
been updated in over six years, and doesn't seem to be aware of the
Server 2008 event log facilities, which can make an *enormous*
difference in the time and resources needed to satisfy a search.  This
tool only works with event logs, and only renders the output to text,
but can be dramatically faster to that end.

--Steve

On Wed, Jul 27, 2011 at 2:30 PM, Rubens Almeida <rubensalme...@gmail.com> wrote:
> LogParser comes to mind when I have to deal with remote event logs...
>
> On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel <skra...@zetetic.net> wrote:
>> Hi list,
>>
>> I'm pleased to have something new to share that I think a lot of you
>> will find useful; having been frustrated by the slow speed of
>> EventCombMT and the ponderous behavior of the Event Log MMC snap-in
>> when trying to do everyday things like diagnose account lockouts and
>> AD object changes, I knew there had to be a better way...
>>
>> If you're on a Server 2008+ [*] environment and don't mind breaking
>> out a command shell window, here is that better way:
>> http://zetetic.net/products/events
>>
>> As a sample use case, the command "ZeShell -e
>> delete,after=20-july-2011" will scan all of your domain's read-write
>> domain controllers, in parallel, for AD object deletions since July
>> 20.  Or you can give it a list of event IDs in the familiar
>> "1,2,3,5-10" format.  Just type "ZeShell -?" for details.  You'll need
>> to be in the "Event Log Readers" group (or have Admin or DA access)
>> for each machine you want to query.
>>
>> Please try it out, kick the tires, let me know what you think!  I
>> promise you will find this to be *much* faster than the built-in log
>> viewer.  We're absolutely open to ideas and suggestions too.
>>
>> Thanks,
>> Steve
>>
>> [*] This tool is also able to query the Event Log on 2003 / XP hosts,
>> but it will not do so with the same speed and efficiency as querying
>> Server 2008, Vista, Win7, or newer, due to limitations of the older
>> eventing service.
>>
>> --
>> skra...@zetetic.net
>> Philadelphia, PA
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here: 
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
