event_log_query:windows_event_log_query_example

Outdated: use psloglist instead!

Example syntax for querying the Windows event logs and getting simple text output:

C:\>cscript.exe C:\windows\system32\eventquery.vbs /L Application /V /FI "Source eq AdsmClientService" /FI "Datetime gt 01/31/2008,12:00:00AM"

You must run the script with cscript.exe as the VBS processor (the command-line Windows Script Host).

C:\>cscript.exe C:\windows\system32\eventquery.vbs /L Application /V /FI "Source
eq AdsmClientService" /FI "Datetime gt 01/31/2008,12:00:00AM"
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.


------------------------------------------------------------------------------
Listing the events in 'application' log of host 'INFOED-DEV2'
------------------------------------------------------------------------------
Type          Event  Date Time               Source            ComputerName
Category        User                 Description
------------- ------ ----------------------- ----------------- ---------------
--------------- -------------------- -----------
Information   4097   1/31/2008 12:33:43 AM   AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  Execution of Schedule GEN_0030 Started
Information   4100   1/31/2008 12:14:43 AM   AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  Next Scheduled Event Obtained from Server T
SM (Windows):  
-------------------------------------------------------------  
Schedule Name:            GEN_0030  Action:
Incremental  Objects:                           (none)  Options:
       (none)  Server Window Start:    00:30:00 on 01/31/2008  
--------------------------------------------------------------
Information   4097   1/31/2008 12:33:43 AM   AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  Incremental backup of volume '\\infoed-dev2\c$'

Information   4097   1/31/2008 12:33:43 AM   AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  Incremental backup of volume '\\infoed-dev2\d$'

Information   4097   1/31/2008 12:33:43 AM   AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  Incremental backup of volume 'SYSTEMSTATE'

Information   4097   1/31/2008 1:34:29 AM    AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  Incremental backup of volume 'SYSTEMSERVICES'
 
Error         4099   1/31/2008 1:34:43 AM    AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  ANS4987E Error processing '\\infoed-dev2\c$
\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations
Manager\MOM2 Management Group\EventCons': the object is in use by another process
 
Error         4099   1/31/2008 1:37:38 AM    AdsmClientService INFOED-DEV2
None            NT AUTHORITY\SYSTEM  ANS4987E Error processing '\\infoed-dev2\c$
\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations
Manager\MOM2 Management Group\EventCons': the object is in use by another process
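
The verbose (/V) output above splits every event across two or more 80-column lines, so a plain line-by-line search loses the link between an error text and its timestamp. As an added example (not part of the original page), this Python parser rebuilds one record per event from the column positions in the dashed rule lines; the sample input is constructed, and the host name LAB-SERVER1 and the file path in it are made up.

```python
import re

# Constructed sample in the 80-column verbose (/V) layout shown above;
# LAB-SERVER1 and the file path are made-up values.
SAMPLE = r"""
Type          Event  Date Time               Source            ComputerName
Category        User                 Description
------------- ------ ----------------------- ----------------- ---------------
--------------- -------------------- -----------
Information   4097   1/31/2008 12:33:43 AM   AdsmClientService LAB-SERVER1
None            NT AUTHORITY\SYSTEM  Incremental backup of volume 'SYSTEMSTATE'

Error         4099   1/31/2008 1:34:43 AM    AdsmClientService LAB-SERVER1
None            NT AUTHORITY\SYSTEM  ANS4987E Error processing '\\lab-server1\c$
\Temp\demo.dat': the object is in use by another process
"""

FIRST = ("type", "event", "time", "source", "computer")
SECOND = ("category", "user", "description")

def spans(rule):
    """Column (start, end) offsets read from a dashed rule line."""
    return [m.span() for m in re.finditer(r"-+", rule)]

def cut(line, cols):
    """Slice a line by column spans; the last column runs to end of line."""
    last = len(cols) - 1
    return [line[s:(None if i == last else e)].strip()
            for i, (s, e) in enumerate(cols)]

def parse_eventquery(text):
    """Rebuild one dict per event from the wrapped two-line rows."""
    lines = text.splitlines()
    # First line made of dashes AND spaces is the column rule (not a banner).
    r = next(i for i, l in enumerate(lines) if set(l.strip()) == set("- "))
    top, bottom = spans(lines[r]), spans(lines[r + 1])
    events, want_second = [], False
    for line in lines[r + 2:]:
        head = cut(line, top)
        if head[1].isdigit() and re.match(r"\d+/\d+/\d{4} ", head[2]):
            events.append(dict(zip(FIRST, head)))   # first half of a new event
            want_second = True
        elif events and want_second:
            events[-1].update(zip(SECOND, cut(line, bottom)))
            want_second = False
        elif events and line.strip():
            # Console hard-wraps at column 80, so glue without a separator.
            events[-1]["description"] += line.rstrip()
    return events
```

Filtering the returned list on the "type" field (for example "Error") then gives each error with its own timestamp, event ID and full description on one record.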
event_log_query/windows_event_log_query_example.txt · Last modified: 2010/03/06 02:02 by ben