Wednesday, April 14, 2010

LogParser (Microsoft Tool) to parse Logs/Files

Recently I ran into a situation where I had to parse Windows log files (*.evtx/*.evt files) and format the output into a text file. Using this tool, my job was finished very smoothly, and I was amazed at the output.

1. You can download the LogParser tool from Microsoft:

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

2. Run the LogParser.msi file to install it on your local system.

3. Copy the folder Logparser2.2 from c:\program files\Log parser 2.2 to d:\logparser on the respective server/client system. If you want to parse logs on the local system, there is no need to copy the folder.

4. Go to the directory on the local or remote system and run this command to export Windows event logs to text format:

D:\LogParser.exe "SELECT TimeGenerated, SourceName, EventCategoryName, Message INTO report.txt FROM 'Directory Service' WHERE EVENTID = 1307"

5. You can run this tool as a scheduled task to parse event logs, depending on your requirements.

6. You can parse the remaining Windows logs, such as Application, System, Security, DNS and File Replication Service, by replacing 'Directory Service' in the above command. There is no limit to how you can use this tool; it depends on your imagination. You can find more documentation on this tool in the installation folder as LogParser.chm.
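Steps 5 and 6 can be combined into one script that runs the same query against several logs and is safe to call repeatedly from a scheduled task. This is an added example, not part of the original post; the report folder, the CSV output and the event IDs other than 1307 are assumptions chosen for illustration.

```powershell
# Added example: run the post's query against several event logs in one pass.
# Assumptions (not from the post): LogParser was copied to D:\logparser (step 3),
# reports go to D:\logparser\reports, and neither path contains spaces.
$LogParser = 'D:\logparser\LogParser.exe'
$OutDir    = 'D:\logparser\reports'

# Log name -> event IDs to extract.
# Only 'Directory Service' / 1307 comes from the post; the rest are illustrative.
$Targets = [ordered]@{
    'Directory Service' = @(1307)
    'Security'          = @(4625)   # failed logon (illustrative)
    'System'            = @(7045)   # new service installed (illustrative)
}

if (-not (Test-Path $LogParser)) { throw "LogParser.exe not found at $LogParser" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

foreach ($log in $Targets.Keys) {
    $ids  = $Targets[$log] -join '; '        # LogParser separates IN values with ';'
    $name = $log -replace '\s', ''           # 'Directory Service' -> 'DirectoryService'
    $csv  = Join-Path $OutDir "$name.csv"
    $ckpt = Join-Path $OutDir "$name.lpc"    # checkpoint: remembers the last record read

    $query = "SELECT TimeGenerated, SourceName, EventCategoryName, Message " +
             "INTO $csv FROM '$log' WHERE EventID IN ($ids)"

    # -i:EVT        read Windows event logs
    # -o:CSV        write comma-separated output
    # -fileMode:0   append to the report instead of overwriting it
    # -iCheckpoint  only process events added since the previous run
    & $LogParser $query -i:EVT -o:CSV -fileMode:0 "-iCheckpoint:$ckpt" -stats:OFF

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "LogParser failed on '$log' (exit code $LASTEXITCODE)"
    }
}
```

Because of the checkpoint files, each scheduled run appends only events logged since the previous run. Reading the Security log requires an account with administrative rights.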

Have a nice day!

Techie


