Re: Free tool for querying remote Windows Event Logs
LogParser comes to mind when I have to deal with remote event logs...

On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel skra...@zetetic.net wrote:
> Hi list,
>
> I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way...
>
> If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way: http://zetetic.net/products/events
>
> As a sample use case, the command ZeShell -e delete,after=20-july-2011 will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar 1,2,3,5-10 format. Just type ZeShell -? for details.
>
> You'll need to be in the Event Log Readers group (or have Admin or DA access) for each machine you want to query.
>
> Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too.
>
> Thanks,
> Steve
>
> [*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.
>
> --
> skra...@zetetic.net
> Philadelphia, PA

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Re: Free tool for querying remote Windows Event Logs
He's a spammer.

On Wed, Jul 27, 2011 at 11:30 AM, Rubens Almeida rubensalme...@gmail.com wrote:
> LogParser comes to mind when I have to deal with remote event logs...
RE: Free tool for querying remote Windows Event Logs
Who? Steve?

I wouldn't say that.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 2:33 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

He's a spammer.
Re: Free tool for querying remote Windows Event Logs
Steven Peck or Steve Kradel? Or me?

On Wed, Jul 27, 2011 at 1:34 PM, Michael B. Smith mich...@smithcons.com wrote:
> Who? Steve?
>
> I wouldn’t say that.
RE: Free tool for querying remote Windows Event Logs
Heh. I was referring to Steve Kradel.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, July 27, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

Steven Peck or Steve Kradel? Or me?
Re: Free tool for querying remote Windows Event Logs
I don't have any other messages from a Steve Kradel in my folders for this list and it was a product from a company attached to his email list. It seemed to match marketing and presentation. Not saying the tool isn't interesting, just it seemed to match the spam test. I freely admit I may be wrong.

On Wed, Jul 27, 2011 at 11:48 AM, Michael B. Smith mich...@smithcons.com wrote:
> Heh. I was referring to Steve Kradel.
RE: Free tool for querying remote Windows Event Logs
Sorry. He's quite active on the activedir list. I didn't pay a lot of attention to where he posted it.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 2:55 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

I don't have any other messages from a Steve Kradel in my folders for this list and it was a product from a company attached to his email list. It seemed to match marketing and presentation. Not saying the tool isn't interesting, just it seemed to match the spam test. I freely admit I may be wrong.
Re: Free tool for querying remote Windows Event Logs
On Wed, Jul 27, 2011 at 2:34 PM, Michael B. Smith mich...@smithcons.com wrote:
>> He's a spammer.
>
> Who? Steve? I wouldn’t say that.

His sole post to this list is an advertisement for their product. That's pretty much the definition of spam. He isn't selling replica Rolexes out of Russia using a hijacked Hotmail account, true, but spam comes in many flavors. Some of it looks more appetizing. Still spam. Our list host had to learn that lesson the hard way, some may recall.

-- Ben
Re: Free tool for querying remote Windows Event Logs
I'm sorry if my note came across as spammy. I posted to this list because I think the list members will find it useful. The software is free of charge for any purpose and contains no nags, and you may fill out the contact form with bogus information if you like. I believe this is in compliance with the list charter.

I haven't made any other posts to this particular list, and for that transgression, I apologize.

--Steve

On Wed, Jul 27, 2011 at 2:32 PM, Steven Peck sep...@gmail.com wrote:
> He's a spammer.
Re: Free tool for querying remote Windows Event Logs
LogParser is definitely very powerful--much, much more flexible, in fact--it is sort of a mini-ETL tool. On the other hand, it hasn't been updated in over six years, and doesn't seem to be aware of the Server 2008 event log facilities, which can make an *enormous* difference in the time and resources needed to satisfy a search. This tool only works with event logs, and only renders the output to text, but can be dramatically faster to that end. --Steve On Wed, Jul 27, 2011 at 2:30 PM, Rubens Almeida rubensalme...@gmail.com wrote: LogParser comes to mind when I have to deal with remote event logs... On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel skra...@zetetic.net wrote: Hi list, I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way... If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way: http://zetetic.net/products/events As a sample use case, the command ZeShell -e delete,after=20-july-2011 will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar 1,2,3,5-10 format. Just type ZeShell -? for details. You'll need to be in the Event Log Readers group (or have Admin or DA access) for each machine you want to query. Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too. 
Thanks, Steve

[*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.

-- skra...@zetetic.net Philadelphia, PA
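Added example, not part of the thread and not ZeShell's or LogParser's code: one of the event log facilities introduced with Vista / Server 2008 is XPath filtering evaluated by the event log service on the machine being queried, which PowerShell's Get-WinEvent exposes through -FilterXPath. The code below turns an event ID list in the 1,2,3,5-10 format into such a filter and runs it against each host in turn (sequentially, not in parallel); the function names, the host names and the choice of event IDs 4740 (account locked out) and 5141 (directory service object deleted) are assumptions made for the illustration.

```powershell
# Added example. Function names, host names and event IDs are illustrative assumptions.

function ConvertTo-EventIdXPath {
    # Builds an event log XPath filter from an ID list such as '1,2,3,5-10'
    # and an optional lower bound on the event time.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $EventIds,
        [datetime] $After
    )

    $terms = foreach ($part in $EventIds.Split(',')) {
        $p = $part.Trim()
        if ($p -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]
            $hi = [int]$Matches[2]
            if ($lo -gt $hi) { throw "Reversed range: '$p'" }
            # A range becomes one comparison pair instead of one term per ID
            "(EventID >= $lo and EventID <= $hi)"
        }
        elseif ($p -match '^\d+$') {
            "EventID=$([int]$p)"
        }
        else {
            # Reject anything else so stray input never reaches the query string
            throw "Not an event ID or range: '$p'"
        }
    }

    $system = '(' + ($terms -join ' or ') + ')'

    if ($PSBoundParameters.ContainsKey('After')) {
        # The event log stores SystemTime in UTC
        $utc = $After.ToUniversalTime().ToString(
            'yyyy-MM-ddTHH:mm:ss.fffZ',
            [Globalization.CultureInfo]::InvariantCulture)
        $system += " and TimeCreated[@SystemTime >= '$utc']"
    }

    "*[System[$system]]"
}

function Find-RemoteEvent {
    # Runs the filter on each target. Only matching records cross the network,
    # unlike 'Get-WinEvent ... | Where-Object', which pulls every record to the
    # client before filtering.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $EventIds,
        [datetime] $After,
        [string]   $LogName = 'Security'
    )

    $xpathArgs = @{ EventIds = $EventIds }
    if ($PSBoundParameters.ContainsKey('After')) { $xpathArgs.After = $After }
    $xpath = ConvertTo-EventIdXPath @xpathArgs

    foreach ($computer in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $computer -LogName $LogName `
                         -FilterXPath $xpath -ErrorAction Stop |
                Select-Object MachineName, TimeCreated, Id, Message
        }
        catch {
            # Get-WinEvent also raises an error when nothing matches;
            # report it and move on to the next host
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
    }
}

# Show the filter that would be sent for the list format quoted in the thread
ConvertTo-EventIdXPath -EventIds '1,2,3,5-10' -After '2011-07-20'

# Constructed usage; the host names are placeholders:
# Find-RemoteEvent -ComputerName 'dc01.example.test','dc02.example.test' `
#                  -EventIds '4740,5141' -After '2011-07-20'
```

The account running this needs read access to the target log, for example through the Event Log Readers group mentioned in the original announcement.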
RE: Free tool for querying remote Windows Event Logs
-1

Steve does not remotely fit any definition of a spammer that I utilize. :)

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 11:55 AM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

I don't have any other messages from a Steve Kradel in my folders for this list and it was a product from a company attached to his email list. It seemed to match marketing and presentation. Not saying the tool isn't interesting, just it seemed to match the spam test. I freely admit I may be wrong.

On Wed, Jul 27, 2011 at 11:48 AM, Michael B. Smith mich...@smithcons.com wrote:
Heh. I was referring to Steve Kradel.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, July 27, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

Steven Peck or Steve Kradel? Or me?

On Wed, Jul 27, 2011 at 1:34 PM, Michael B. Smith mich...@smithcons.com wrote:
Who? Steve? I wouldn't say that.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 2:33 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

He's a spammer.

On Wed, Jul 27, 2011 at 11:30 AM, Rubens Almeida rubensalme...@gmail.com wrote:
LogParser comes to mind when I have to deal with remote event logs...

On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel skra...@zetetic.net wrote:
Hi list,

I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way...

If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way: http://zetetic.net/products/events

As a sample use case, the command ZeShell -e delete,after=20-july-2011 will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar 1,2,3,5-10 format. Just type ZeShell -? for details.

You'll need to be in the Event Log Readers group (or have Admin or DA access) for each machine you want to query.

Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too.

Thanks, Steve

[*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.

-- skra...@zetetic.net Philadelphia, PA
Re: Free tool for querying remote Windows Event Logs
You seem to have knowledge of him outside this list that many of us don't have. :)

On Wed, Jul 27, 2011 at 12:45 PM, Free, Bob r...@pge.com wrote:
-1

Steve does not remotely fit any definition of a spammer that I utilize. :)

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 11:55 AM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

I don't have any other messages from a Steve Kradel in my folders for this list and it was a product from a company attached to his email list. It seemed to match marketing and presentation. Not saying the tool isn't interesting, just it seemed to match the spam test. I freely admit I may be wrong.

On Wed, Jul 27, 2011 at 11:48 AM, Michael B. Smith mich...@smithcons.com wrote:
Heh. I was referring to Steve Kradel.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, July 27, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

Steven Peck or Steve Kradel? Or me?

On Wed, Jul 27, 2011 at 1:34 PM, Michael B. Smith mich...@smithcons.com wrote:
Who? Steve? I wouldn’t say that.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 2:33 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

He's a spammer.

On Wed, Jul 27, 2011 at 11:30 AM, Rubens Almeida rubensalme...@gmail.com wrote:
LogParser comes to mind when I have to deal with remote event logs...

On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel skra...@zetetic.net wrote:
Hi list,

I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way...

If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way: http://zetetic.net/products/events

As a sample use case, the command ZeShell -e delete,after=20-july-2011 will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar 1,2,3,5-10 format. Just type ZeShell -? for details.

You'll need to be in the Event Log Readers group (or have Admin or DA access) for each machine you want to query.

Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too.

Thanks, Steve

[*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.

-- skra...@zetetic.net Philadelphia, PA
RE: Free tool for querying remote Windows Event Logs
I do and I guess that was my slightly inept attempt at vouching for him :-]

direct approach :: He is a good guy, very knowledgeable and helpful and would be a welcome addition to this list.

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 12:59 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

You seem to have knowledge of him outside this list that many of us don't have. :)

On Wed, Jul 27, 2011 at 12:45 PM, Free, Bob r...@pge.com wrote:
-1

Steve does not remotely fit any definition of a spammer that I utilize. :)

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 11:55 AM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

I don't have any other messages from a Steve Kradel in my folders for this list and it was a product from a company attached to his email list. It seemed to match marketing and presentation. Not saying the tool isn't interesting, just it seemed to match the spam test. I freely admit I may be wrong.

On Wed, Jul 27, 2011 at 11:48 AM, Michael B. Smith mich...@smithcons.com wrote:
Heh. I was referring to Steve Kradel.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, July 27, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

Steven Peck or Steve Kradel? Or me?

On Wed, Jul 27, 2011 at 1:34 PM, Michael B. Smith mich...@smithcons.com wrote:
Who? Steve? I wouldn't say that.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 2:33 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

He's a spammer.

On Wed, Jul 27, 2011 at 11:30 AM, Rubens Almeida rubensalme...@gmail.com wrote:
LogParser comes to mind when I have to deal with remote event logs...

On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel skra...@zetetic.net wrote:
Hi list,

I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way...

If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way: http://zetetic.net/products/events

As a sample use case, the command ZeShell -e delete,after=20-july-2011 will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar 1,2,3,5-10 format. Just type ZeShell -? for details.

You'll need to be in the Event Log Readers group (or have Admin or DA access) for each machine you want to query.

Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too.

Thanks, Steve

[*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.

-- skra...@zetetic.net Philadelphia, PA
RE: Free tool for querying remote Windows Event Logs
+1

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Free, Bob [mailto:r...@pge.com]
Sent: Wednesday, July 27, 2011 4:15 PM
To: NT System Admin Issues
Subject: RE: Free tool for querying remote Windows Event Logs

I do and I guess that was my slightly inept attempt at vouching for him :-]

direct approach :: He is a good guy, very knowledgeable and helpful and would be a welcome addition to this list.

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 12:59 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

You seem to have knowledge of him outside this list that many of us don't have. :)

On Wed, Jul 27, 2011 at 12:45 PM, Free, Bob r...@pge.com wrote:
-1

Steve does not remotely fit any definition of a spammer that I utilize. :)

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 11:55 AM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

I don't have any other messages from a Steve Kradel in my folders for this list and it was a product from a company attached to his email list. It seemed to match marketing and presentation. Not saying the tool isn't interesting, just it seemed to match the spam test. I freely admit I may be wrong.

On Wed, Jul 27, 2011 at 11:48 AM, Michael B. Smith mich...@smithcons.com wrote:
Heh. I was referring to Steve Kradel.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, July 27, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

Steven Peck or Steve Kradel? Or me?

On Wed, Jul 27, 2011 at 1:34 PM, Michael B. Smith mich...@smithcons.com wrote:
Who? Steve? I wouldn't say that.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 2:33 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

He's a spammer.

On Wed, Jul 27, 2011 at 11:30 AM, Rubens Almeida rubensalme...@gmail.com wrote:
LogParser comes to mind when I have to deal with remote event logs...

On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel skra...@zetetic.net wrote:
Hi list,

I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way...

If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way: http://zetetic.net/products/events

As a sample use case, the command ZeShell -e delete,after=20-july-2011 will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar 1,2,3,5-10 format. Just type ZeShell -? for details.

You'll need to be in the Event Log Readers group (or have Admin or DA access) for each machine you want to query.

Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too.

Thanks, Steve

[*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.

-- skra...@zetetic.net Philadelphia, PA
Re: Free tool for querying remote Windows Event Logs
It's all good. I've been getting a ton of random vendor calls the last two weeks (not him) so this probably fed into a little side effect. :)

As we said this spring, we chose another product.
No, we don't use that here.
Wow, yet another new account representative assigned to us this year...
Why? We have none of your products.
and on and on :)

On Wed, Jul 27, 2011 at 1:14 PM, Free, Bob r...@pge.com wrote:
I do and I guess that was my slightly inept attempt at vouching for him :-]

direct approach :: He is a good guy, very knowledgeable and helpful and would be a welcome addition to this list.

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 12:59 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

You seem to have knowledge of him outside this list that many of us don't have. :)

On Wed, Jul 27, 2011 at 12:45 PM, Free, Bob r...@pge.com wrote:
-1

Steve does not remotely fit any definition of a spammer that I utilize. :)

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 11:55 AM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

I don't have any other messages from a Steve Kradel in my folders for this list and it was a product from a company attached to his email list. It seemed to match marketing and presentation. Not saying the tool isn't interesting, just it seemed to match the spam test. I freely admit I may be wrong.

On Wed, Jul 27, 2011 at 11:48 AM, Michael B. Smith mich...@smithcons.com wrote:
Heh. I was referring to Steve Kradel.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Wednesday, July 27, 2011 2:47 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

Steven Peck or Steve Kradel? Or me?

On Wed, Jul 27, 2011 at 1:34 PM, Michael B. Smith mich...@smithcons.com wrote:
Who? Steve? I wouldn’t say that.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Wednesday, July 27, 2011 2:33 PM
To: NT System Admin Issues
Subject: Re: Free tool for querying remote Windows Event Logs

He's a spammer.

On Wed, Jul 27, 2011 at 11:30 AM, Rubens Almeida rubensalme...@gmail.com wrote:
LogParser comes to mind when I have to deal with remote event logs...

On Wed, Jul 27, 2011 at 3:07 PM, Steve Kradel skra...@zetetic.net wrote:
Hi list,

I'm pleased to have something new to share that I think a lot of you will find useful; having been frustrated by the slow speed of EventCombMT and the ponderous behavior of the Event Log MMC snap-in when trying to do everyday things like diagnose account lockouts and AD object changes, I knew there had to be a better way...

If you're on a Server 2008+ [*] environment and don't mind breaking out a command shell window, here is that better way: http://zetetic.net/products/events

As a sample use case, the command ZeShell -e delete,after=20-july-2011 will scan all of your domain's read-write domain controllers, in parallel, for AD object deletions since July 20. Or you can give it a list of event IDs in the familiar 1,2,3,5-10 format. Just type ZeShell -? for details.

You'll need to be in the Event Log Readers group (or have Admin or DA access) for each machine you want to query.

Please try it out, kick the tires, let me know what you think! I promise you will find this to be *much* faster than the built-in log viewer. We're absolutely open to ideas and suggestions too.

Thanks, Steve

[*] This tool is also able to query the Event Log on 2003 / XP hosts, but it will not do so with the same speed and efficiency as querying Server 2008, Vista, Win7, or newer, due to limitations of the older eventing service.

-- skra...@zetetic.net Philadelphia, PA
Re: Free tool for querying remote Windows Event Logs
On Wed, Jul 27, 2011 at 3:06 PM, Steve Kradel skra...@zetetic.net wrote:
I'm sorry if my note came across as spammy.

Ah, see, already, spam score is dropping. First mark of a spammer is how they insist they did nothing wrong. You never see apologies.

-- Ben
Re: Free tool for querying remote Windows Event Logs
Well, the bona fides help, too. :-)

On Wed, Jul 27, 2011 at 9:28 PM, Ben Scott mailvor...@gmail.com wrote:
On Wed, Jul 27, 2011 at 3:06 PM, Steve Kradel skra...@zetetic.net wrote:
I'm sorry if my note came across as spammy.

Ah, see, already, spam score is dropping. First mark of a spammer is how they insist they did nothing wrong. You never see apologies.

-- Ben