
Looking for a Windows utility to gather remote Event Log info

Shag

Senior member
I'm hoping to find a Windows utility somewhere that will allow me to gather errors/warnings from the event logs of 30+ Windows 2000 Server machines to a central location. Currently, we are having to check this out manually, which is a serious PITA. I have thought about scripting something up on my own, but I can't imagine this is an odd request, and would think there would be utilities for this out there somewhere.

I've come across a few, but they've all been pretty high-dollar, and have a lot more functionality than I need. I'd like to find something relatively cheap, or at best, freeware.

So, anyone know of a utility to accomplish this?
 
The eventlog APIs are published, and there is a Perl module that allows for querying.

Since I'm towards the end of a very large project to archive said event-logs... you could also use a combination of dumpel (from the resource kit) with AT (to kick it off) to get the entire log-files back to a single machine. Then you'd still have to parse the files for NEW entries, and also to get rid of the INFORMATIONAL entries.

Perl can be cryptic, but it's absolutely great for this type of text file parsing. If you're interested in something like this, I can probably send you some Perl I wrote for searching a dumped event log. Although it's designed to work w/ Security Logs, the search function could certainly be modified to meet your needs.
 
Woodie,

Thanks for that info. I'm actually pretty familiar with Perl, and have done a decent amount of work with it. Unfortunately, I've only worked with it in a UNIX context, never in a Windows context. Once I got the files to a central location, I would have no problem scripting something up to parse them into a format of my choosing (go regular expressions! 🙂 ). The part I'm unsure of is actually getting the logs themselves.

Can you point me toward the Perl module that you indicated?

This is in a production environment, and they may not want Perl installed on all the machines. Will the module allow me to do all this from a centralized location (i.e. Have a script actually go and dump the logs, then grab them) rather than having it run locally on each box? Optimally, I would like to only need to install Perl onto one box, and do all the Perl work from there. Not being familiar with using Perl in a Windows environment, I'm not sure if this is possible. Can you shed any light on this?
 
If you don't want to install Perl on the servers, then I would do something like this:
1. Use AT (as system) to run a batch file, which calls dumpel.exe, and dumps the file to a local directory.
   (Also should delete any existing log-files, and zip the newly dumped file)
2. Create a r/o sharepoint, for the local directory where the logs are dumped.
3. Create a Perl script on your central device, which periodically runs and:
   A. Reads a list of server names from an input file
   B. Connects to the same sharepoint on each server, and retrieves whatever logs are there.
   C. Parses each log after it's been retrieved, and does whatever.

For Win32 perl, go to Activestate.com.
The win32 modules are listed there, though the way I've suggested, you don't even need those.

Oh, almost forgot. The key to a good dump is to use the parameters for dumpel to get it in comma delimited format. At least that's the one that has provided me with the best results.

g/l
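
The parsing half of step 3 in the post above, together with the earlier point about keeping only NEW entries and dropping INFORMATIONAL ones, as an added example that is not code from anyone in this thread. The column order, date format, server names and share path are assumptions, and the sample rows are constructed and stand in for already-unzipped dump files.

```perl
use strict;
use warnings;
# Assumed column order of the comma-delimited dump (not given in the thread).
my @COLS = qw(date time type source id computer desc);

# Constructed sample dumps. In real use, read each file from the read-only
# share on the server instead (e.g. a hypothetical \\SRV01\evtdump\system.csv).
my %dump = (
    SRV01 => <<'END',
3/14/2003,09:01:12,Information,Service Control Manager,7036,SRV01,"The Alerter service entered the running state."
3/14/2003,09:05:40,Error,Disk,11,SRV01,"The driver detected a controller error, retrying."
3/14/2003,23:58:02,Warning,Srv,2013,SRV01,"The C: disk is at or near capacity."
END
    SRV02 => <<'END',
3/15/2003,01:10:00,Error,W32Time,62,SRV02,"No valid time source found."
END
);

# Newest timestamp already reported per server; persist this between runs.
my %last_seen = (SRV01 => '20030314090540');
# M/D/YYYY + HH:MM:SS -> YYYYMMDDHHMMSS, so a string compare orders by time.
sub sort_key {
    my ($m, $d, $y) = split m{/}, $_[0];
    my ($H, $M, $S) = split /:/, $_[1];
    return sprintf '%04d%02d%02d%02d%02d%02d', $y, $m, $d, $H, $M, $S;
}

sub new_alerts {
    my ($server, $text, $seen) = @_;
    my $prev = $seen->{$server} // '';
    my ($mark, @out) = ($prev);
    for my $line (split /\r?\n/, $text) {
        my %e;
        @e{@COLS} = split /,/, $line, scalar @COLS;   # limit keeps commas in desc
        unless (defined $e{desc}) { warn "$server: unparsed row: $line\n"; next }
        next unless $e{type} =~ /^(?:Error|Warning)$/i;   # drop informational
        my $key = sort_key(@e{qw(date time)});
        next unless $key gt $prev;                        # already reported
        $e{desc} =~ s/^"|"$//g;
        push @out, \%e;
        $mark = $key if $key gt $mark;
    }
    $seen->{$server} = $mark;
    return @out;
}

for my $server (sort keys %dump) {
    printf "%s %s %s %s/%s: %s\n", @$_{qw(computer date time source id desc)}
        for new_alerts($server, $dump{$server}, \%last_seen);
}
```

Rows that do not split into the expected columns are reported with `warn` rather than skipped silently, so a change in dump format shows up as noise instead of as missing alerts.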
 