Zetetic.Events is a free command-line tool that can quickly scan and filter multiple running Windows Event Logs, and archived .evt and .evtx files, in parallel.

Submitted by Steve Kradel

It taps into the new 2008 / Windows 7 logging infrastructure when available, and falls back to 2003 mode when necessary. It supports filtering on event IDs, on start and end dates, and on text within the event message.

Zetetic.Events automatically discovers your environment's domain controllers, which makes it especially valuable for diagnosing login failures, account lockouts, and security audit events.

Here is an example:


ZeShell -e 4728-4758,after=19-July-2011
Event ID:    4728
Level:       Information
Keywords:    Audit Success
Publisher:   Microsoft-Windows-Security-Auditing
Created:     7/20/2011 2:35:17 PM
Machine:     dc-1.demo.net
Log:         Security
Description: A member was added to a security-enabled global group.

        Security ID:            S-1-5-21-950928700-2040260430-2032203972-500
        Account Name:           Administrator
        Account Domain:         DEMO
        Logon ID:               0x454d11

        Security ID:            S-1-5-21-950928700-2040260430-2032203972-187428
        Account Name:           CN=Uncle Fester,OU=ZetDemo,DC=demo,DC=net

        Security ID:            S-1-5-21-950928700-2040260430-2032203972-187514
        Group Name:             Global1
        Group Domain:           DEMO

Additional Information:
        Privileges:             -
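
Records in this layout are easy to post-process when a query returns many of them. The following is an added example, not part of Zetetic.Events or of the original post: a small Python parser that turns the text output into structured records and lists group-membership additions. It assumes the text layout printed above (header fields at column 0, indented blocks separated by blank lines, in the order actor, member, group); the function names are hypothetical.

```python
import re

MEMBER_ADDED = {4728, 4732, 4756}  # member added to a global / local / universal security group

# Constructed sample: the record shown on this page, abridged to the fields used below.
SAMPLE = """\
Event ID:    4728
Created:     7/20/2011 2:35:17 PM
Machine:     dc-1.demo.net
Description: A member was added to a security-enabled global group.

        Security ID:            S-1-5-21-950928700-2040260430-2032203972-500
        Account Name:           Administrator

        Security ID:            S-1-5-21-950928700-2040260430-2032203972-187428
        Account Name:           CN=Uncle Fester,OU=ZetDemo,DC=demo,DC=net

        Security ID:            S-1-5-21-950928700-2040260430-2032203972-187514
        Group Name:             Global1
"""

def parse_records(text):
    """Split the text output into dicts: header fields plus a list of indented blocks."""
    records = []
    for chunk in filter(str.strip, re.split(r"(?m)^(?=Event ID:)", text)):
        rec, blocks, cur = {}, [], None
        for line in chunk.splitlines():
            key, _, val = (s.strip() for s in line.partition(":"))
            if line[:1].isspace() and key:   # indented field: belongs to a block
                if cur is None:
                    cur = {}
                    blocks.append(cur)
                cur[key] = val
            else:                            # blank line or column-0 header ends a block
                cur = None
                if key:
                    rec[key] = val
        records.append(dict(rec, blocks=blocks))
    return records

def membership_additions(records):
    """Member-added events; assumes blocks are ordered actor, member, group (as on this page)."""
    hits = []
    for r in records:
        b = r["blocks"]
        if int(r.get("Event ID", 0)) in MEMBER_ADDED and len(b) >= 3:
            hits.append((r["Created"], r["Machine"], b[0].get("Account Name"),
                         b[1].get("Account Name"), b[2].get("Group Name")))
    return hits
```

Each tuple gives the time, the domain controller that logged the event, who made the change, who was added, and the group, which is what a review of privileged-group changes needs.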
  1. Jim 12 years ago

    I’ve always used MS’s LogParser for things like this, but I like the idea this will adapt to the Windows 7/2008 structure. I currently have to have two sets of LogParser queries to handle new vs. legacy logs, so this will definitely be worth giving a serious look.


  2. Jim, thanks for the tip. Microsoft LogParser is still missing in the 4sysops list of free admin tools. Maybe you want to add it with a little description and with your experiences with the tool?

    Another GUI-based event log parser is EVT LogParser and for advanced event log analysis I recommend EventSentry.

© 4sysops 2006 - 2023