Consolidate event logs?
Here is what I am trying to accomplish.

I want to specify a text file to a script that has the names of servers to access. The script will grab all warnings and errors from the app and system logs for a specified time frame, say last 24 hours or something. Then the logs are consolidated in a file by type, "application logs" and "system logs". I don't need to get too deep, just server name, date, time, source, and description.

I was looking at dumpel.exe, but it doesn't seem like it will do what I want except for security logs where I'm only looking for audit failures.

Can someone point me at a good script source?

Thanks much!

Steve

You might want to check out logparser. It can do exactly this and output
the data in a variety of methods, including writing it to an SQL DB
http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx

Thank you Jeremy! It has the output processing I needed. Still, I need to
process against a number of remote servers and consolidate the output files. I think they will consolidate OK (haven't tried yet), but I don't see a way to use it against remote server logs. At this point I think I could install the utility and schedule it on each server and have them output to a share. It's not perfect, though. I might not get permission to install the utility on each server. I'd rather process from my admin machine.

I really need some WMI scripts to pull the logs. I'll keep hunting now that I am much closer.

Steve

Log parser can operate on remote servers, see logparser.exe -h -i:evt

One example is
Create TSV files containing Event Messages for each Source in the Application Event Log:

LogParser "SELECT SourceName, Message INTO myFile_*.tsv FROM \\MYSERVER1\Application, \\MYSERVER2\Application"

You could certainly script this from a centralised server using a for loop in a batch file.

FOR /F %%a in (servers.txt) do (
    log parser commands targeting %%a as the server name
)

servers.txt need only contain all the server names.

Good luck.

Cheers,
Jeremy.

OK, now I feel dumb. Since I didn't see it documented I assumed you couldn't
use \\computer\log. Thanks Jeremy. I have everything I need now. I appreciate your help!

Steve

This may help.
-----------------------------------------
Dim strConnect, strSQL, yr, m, d, h, min, s, timeobj

' Connection string for the SQL Server database that receives the events.
' "Provider=" added: ADO needs the keyword to select the SQLOLEDB provider.
strConnect = "Provider=SQLOLEDB.1;Integrated Security=SSPI; " _
    & "Persist Security Info=False; " _
    & "Initial Catalog=MyDatabase;Data Source=MyServer"
' [User] is bracketed because USER is a reserved word in T-SQL.
strSQL = "SELECT Category, ComputerName, EventCode, " _
    & "Message, EventType, RecordNumber, SourceName, " _
    & "Type, [User], TimeGenerated, TimeWritten FROM EventTable; "

Set objConn = CreateObject("ADODB.Connection")
Set objRS = CreateObject("ADODB.Recordset")
objConn.Open strConnect
objRS.CursorLocation = 3            ' adUseClient
objRS.Open strSQL, objConn, 3, 3    ' adOpenStatic, adLockOptimistic

' "." is the local machine; put a server name here to read a remote log.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!" _
    & "\\" & strComputer & "\root\cimv2")
Set colRetrievedEvents = objWMIService.ExecQuery("Select * " _
    & "from Win32_NTLogEvent Where logfile = 'System'")

' Copy every System log event into EventTable, one row per event.
For Each objEvent in colRetrievedEvents
    ' If objEvent.SourceName = "PercRAID.Log" Then
    objRS.AddNew
    objRS("Category") = objEvent.Category
    objRS("ComputerName") = objEvent.ComputerName
    objRS("EventCode") = objEvent.EventCode
    objRS("Message") = objEvent.Message
    objRS("EventType") = objEvent.EventType
    objRS("RecordNumber") = objEvent.RecordNumber
    objRS("SourceName") = objEvent.SourceName
    objRS("Type") = objEvent.Type
    objRS("User") = objEvent.User
    objRS("TimeGenerated") = DateTime2String(objEvent.TimeGenerated)
    objRS("TimeWritten") = DateTime2String(objEvent.TimeWritten)
    objRS.Update
    ' End If
Next

objRS.Close
objConn.Close

' Convert a WMI datetime string (yyyymmddHHMMSS...) to mm/dd/yyyy hh:mm:ss.
Function DateTime2String(timeobj)
    yr = Left(timeobj,4)
    m = Mid(timeobj,5,2)
    d = Mid(timeobj,7,2)
    h = Mid(timeobj,9,2)
    min = Mid(timeobj,11,2)
    s = Mid(timeobj,13,2)
    DateTime2String = m & "/" & d & "/" & yr _
        & " " & h & ":" & min & ":" & s
End Function
-----------------------------------------

--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
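
Added example, not part of any post in this thread: the task Steve describes (a server list in, warnings and errors from the last 24 hours out, one consolidated file per log), run from an admin machine with PowerShell's Get-WinEvent instead of LogParser or WMI. The file names servers.txt, ApplicationLogs.csv, SystemLogs.csv and unreachable.txt are assumptions.

```powershell
# Added example: pull Warning/Error events from the last 24 hours on every
# server listed in servers.txt and consolidate them into one CSV per log.
# Assumed file names: servers.txt, ApplicationLogs.csv, SystemLogs.csv,
# unreachable.txt (all in the current directory).
$since   = (Get-Date).AddHours(-24)
$servers = Get-Content -Path .\servers.txt |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }                      # skip blank lines
$outFile = @{ Application = '.\ApplicationLogs.csv'; System = '.\SystemLogs.csv' }

foreach ($log in $outFile.Keys) {
    # Start each run with a fresh file so reruns do not duplicate rows.
    Remove-Item -Path $outFile[$log] -ErrorAction SilentlyContinue

    foreach ($server in $servers) {
        # Level 2 = Error, Level 3 = Warning.
        $filter = @{ LogName = $log; Level = 2, 3; StartTime = $since }
        try {
            Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop |
                Select-Object @{ Name = 'Server';      Expression = { $server } },
                              @{ Name = 'Date';        Expression = { $_.TimeCreated.ToString('yyyy-MM-dd') } },
                              @{ Name = 'Time';        Expression = { $_.TimeCreated.ToString('HH:mm:ss') } },
                              @{ Name = 'Type';        Expression = { $_.LevelDisplayName } },
                              @{ Name = 'Source';      Expression = { $_.ProviderName } },
                              @{ Name = 'Description'; Expression = { $_.Message } } |
                Export-Csv -Path $outFile[$log] -Append -NoTypeInformation
        }
        catch {
            # A server with no matching events is not a failure.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                continue
            }
            # Record servers that could not be read, so a gap in the report
            # is not mistaken for "no warnings or errors".
            "$(Get-Date -Format s)`t$server`t$log`t$($_.Exception.Message)" |
                Add-Content -Path .\unreachable.txt
        }
    }
}
```

Run it under an account that is a member of the Event Log Readers group on the target servers; local administrator rights are not needed just to read the Application and System logs.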