command line: open saved event log?

February 16, 2005 9:52:57 PM

Archived from groups: microsoft.public.win2000.cmdprompt.admin,microsoft.public.windowsxp.security_admin

Hi:

Is there a way to open a saved eventlog (*.evt) from command line?

Thanks in Advance!
Polaris

February 17, 2005 3:11:15 AM

In news:u7awJvJFFHA.1264@TK2MSFTNGP12.phx.gbl,
Polaris <etpolaris@hotmail.com> had this to say:


> Hi:
>
> Is there a way to open a saved eventlog (*.evt) from command line?
>
> Thanks in Advance!
> Polaris

Here's what I did.

Save the *.evt file where you will remember the location. Run and type in
that location and the name of the log that you want to open, in my case it
was test.evt and so I typed X:\test.evt and it opened. The first time it
asked me to pick what I wanted to open it with, I clicked browse, aimed at
the %WinDir%\System32\eventvwr.msc file, made that the default, gave it a
description ("Event Log File") and clicked okay. Then, to make sure it
worked, I ran the prompt again and it worked wonders.

Galen

--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes
February 17, 2005 5:17:57 PM

Polaris wrote:
> Is there a way to open a saved eventlog (*.evt) from command line?
>

Evt files are an input option of Logparser.
IMO a must to process any logfile with SQL-like queries with these
output formats: (snipped from the help file)

Generic Text File Output Formats
  NAT: formats output records as readable tabulated columns.
  CSV: formats output records as comma-separated values text.
  TSV: formats output records as tab-separated or space-separated values text.
  XML: formats output records as XML documents.
  W3C: formats output records in the W3C Extended Log File Format.
  TPL: formats output records following user-defined templates.
  IIS: formats output records in the Microsoft IIS Log File Format.

Special-purpose Output Formats
  SQL: uploads output records to a table in a SQL database.
  SYSLOG: sends output records to a Syslog server.
  DATAGRID: displays output records in a graphical user interface.
  CHART: creates image files containing charts.


And even scriptable.
http://www.logparser.com
http://www.microsoft.com/downloads/details.aspx?familyi...

HTH

--
Gruesse Greetings Saludos Saluti Salutations
Matthias
---------+---------+---------+---------+---------+---------+---------+
February 17, 2005 10:35:47 PM

On Wed, 16 Feb 2005 18:52:57 -0800, "Polaris" <etpolaris@hotmail.com>
wrote in microsoft.public.win2000.cmdprompt.admin,
microsoft.public.windowsxp.security_admin:

>Is there a way to open a saved eventlog (*.evt) from command line?

DUMPEL.EXE from the Resource Kit:
DUMPEL -b -l saved.evt
See:
<http://www.microsoft.com/downloads/details.aspx?FamilyI...>.

or PsLogList:
PsLogList -l saved.evt
from <http://www.sysinternals.com/ntw2k/freeware/psloglist.sh...>

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
February 18, 2005 1:25:51 PM

Thank you all very much for your help! I will use the dumpel for now.

Polaris

"Polaris" <etpolaris@hotmail.com> wrote in message
news:u7awJvJFFHA.1264@TK2MSFTNGP12.phx.gbl...
> Hi:
>
> Is there a way to open a saved eventlog (*.evt) from command line?
>
> Thanks in Advance!
> Polaris
>
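
As an added example, not part of any post in this thread and not code from the tools named in it: a small Python reader for the legacy .evt layout (the documented ELF_LOGFILE_HEADER and EVENTLOGRECORD structures) that dumps a saved log from the command line. It assumes a saved, sequentially written file; the function names and the sample record (host WKSTN01, user alice) are constructed for illustration.

```python
import struct, sys
from datetime import datetime, timezone

SIG = 0x654C664C                           # "LfLe": marks the file header and every record
HEADER = struct.Struct("<12I")             # ELF_LOGFILE_HEADER (48 bytes)
RECORD = struct.Struct("<4I4xI2H8xI16x")   # EVENTLOGRECORD fixed part (56 bytes); x = fields not read here
TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "AuditSuccess", 16: "AuditFailure"}

def _wstr(buf, pos):                       # NUL-terminated UTF-16LE string -> (text, next offset)
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(data):
    """Yield one dict per record of a saved (sequentially written) .evt image."""
    if len(data) < HEADER.size or HEADER.unpack_from(data)[:2] != (0x30, SIG):
        raise ValueError("not a legacy .evt file")
    pos = HEADER.size
    while pos + RECORD.size <= len(data):
        length, sig, recno, t_gen, event_id, etype, nstr, str_off = RECORD.unpack_from(data, pos)
        if sig != SIG or length < RECORD.size + 4 or pos + length > len(data):
            break                          # EOF marker record, or truncated/corrupt data
        rec = data[pos:pos + length]
        source, nxt = _wstr(rec, RECORD.size)
        computer, _ = _wstr(rec, nxt)
        strings, off = [], str_off
        for _ in range(nstr):              # insertion strings start at StringOffset
            text, off = _wstr(rec, off)
            strings.append(text)
        yield {"record": recno, "event_id": event_id & 0xFFFF, "type": TYPES.get(etype, etype),
               "time": datetime.fromtimestamp(t_gen, timezone.utc).isoformat(),
               "source": source, "computer": computer, "strings": strings}
        pos += length

def constructed_sample():
    """Constructed one-record image (not a real capture) so the block runs offline."""
    body = "Security\0WKSTN01\0".encode("utf-16-le")
    str_off = RECORD.size + len(body)
    body += "alice\0".encode("utf-16-le")
    length = (RECORD.size + len(body) + 4 + 3) & ~3    # trailing length DWORD, 4-byte aligned
    rec = RECORD.pack(length, SIG, 1, 1108608777, 529, 16, 1, str_off) + body
    rec = rec.ljust(length - 4, b"\0") + struct.pack("<I", length)
    return HEADER.pack(0x30, SIG, 1, 1, 0x30, 0x30 + length, 2, 1, 0x10000, 0, 0, 0x30) + rec

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for ev in parse_evt(data):
        print(*ev.values(), sep="\t")
```

Run with a path such as X:\test.evt as the only argument to print one tab-separated line per record; with no argument it parses the constructed sample.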