Logparser

I just discovered a tool from Microsoft called LogParser; I don't have a lot of experience with it.

The point of the tool is that you can use SQL to query your logs, and you can query different log types (Windows Event Log, CSV, XML, SQL Server and more).

At http://www.logparser.com you find a forum regarding LogParser.

Here is a small example of a logparser query:

LogParser -i:EVT -o:NAT "SELECT * FROM System"

It selects all events from the System event log.

Of course, you can add WHERE clauses:

LogParser "SELECT TimeGenerated, SourceName,
EventCategoryName, Message INTO report.txt FROM Security WHERE
EventID = 528 AND SID LIKE '%TESTUSER%'" -resolveSIDs:ON
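To show what the SQL side buys you beyond a plain filter, here is an added example (mine, not from the original post) that aggregates the same successful-logon events (EventID 528, the pre-Vista event; Windows Vista and later log 4624 instead) per account and hour into a CSV file, then queries that CSV with LogParser's CSV input format to find the busiest accounts. It assumes LogParser 2.2 at a cmd.exe prompt; the start date is a constructed placeholder and the file name logons_by_hour.csv is my choice.

```batch
REM Added example, not from the original post. Assumes LogParser 2.2 on a
REM pre-Vista Windows where successful logons are EventID 528.
REM Step 1: bucket successful logons per account per hour and write a CSV.
REM -resolveSIDs:ON makes the SID column come back as DOMAIN\account.
REM QUANTIZE(TimeGenerated, 3600) rounds each timestamp down to the hour.
REM The start date is a constructed placeholder; adjust to your window.
LogParser -i:EVT -o:CSV -resolveSIDs:ON "SELECT QUANTIZE(TimeGenerated, 3600) AS Hour, SID AS Account, ComputerName, COUNT(*) AS Logons INTO logons_by_hour.csv FROM Security WHERE EventID = 528 AND TimeGenerated >= TIMESTAMP('2010-01-01 00:00:00', 'yyyy-MM-dd HH:mm:ss') GROUP BY Hour, Account, ComputerName ORDER BY Hour, Logons DESC"

REM Step 2: query the CSV you just produced (a different input format,
REM same SQL) and list accounts with more than 50 logons in the window.
REM -o:DATAGRID opens the result in a scrollable window; use -o:NAT for text.
LogParser -i:CSV -o:DATAGRID "SELECT Account, SUM(Logons) AS Total FROM logons_by_hour.csv GROUP BY Account HAVING SUM(Logons) > 50 ORDER BY Total DESC"
```

The first command keeps the raw detail in a file you can archive or hand to another tool; the second shows that once data is in CSV, the Event Log is no longer needed to ask follow-up questions, which is handy when logs are collected from several machines.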