Zetetic.Events is a free command-line tool that can quickly scan and filter multiple running Windows Event Logs, and archived .evt and .evtx files, in parallel.
Submitted by Steve Kradel
It taps into the newer Windows Server 2008 / Windows 7 logging infrastructure when it is available, falls back to Windows Server 2003 mode when necessary, and supports filtering on event IDs, on start and end dates, and on text within the event message.
Zetetic.Events automatically discovers your environment's domain controllers, which makes it especially valuable for diagnosing login failures, account lockouts, and security audit events.
Here is an example:
ZeShell -e 4728-4758,after=19-July-2011
-----------------------------------------------------
Event ID: 4728
Level: Information
Keywords: Audit Success
Publisher: Microsoft-Windows-Security-Auditing
Created: 7/20/2011 2:35:17 PM
Machine: dc-1.demo.net
Log: Security
Description: A member was added to a security-enabled global group.
Subject:
    Security ID: S-1-5-21-950928700-2040260430-2032203972-500
    Account Name: Administrator
    Account Domain: DEMO
    Logon ID: 0x454d11
Member:
    Security ID: S-1-5-21-950928700-2040260430-2032203972-187428
    Account Name: CN=Uncle Fester,OU=ZetDemo,DC=demo,DC=net
Group:
    Security ID: S-1-5-21-950928700-2040260430-2032203972-187514
    Group Name: Global1
    Group Domain: DEMO
Additional Information:
    Privileges: -
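For comparison, the same query (event IDs 4728-4758, created after 19 July 2011, optionally matching text in the message) can be run against every domain controller with the built-in Get-WinEvent cmdlet. This is an added example and not Zetetic.Events' or ZeShell's own code; it assumes the ActiveDirectory module (RSAT) is installed and that the caller may read the Security log on each domain controller remotely, and the function name and its parameters are this example's own.

```powershell
# Added example, not Zetetic.Events' own code: reproduce the ZeShell query above
# (event IDs 4728-4758 created after 19 July 2011, optionally matching message
# text) with the built-in Get-WinEvent cmdlet, run against every domain
# controller. Assumes the ActiveDirectory module (RSAT) is present and that the
# caller may read the Security log on each DC remotely; the function name and
# parameters are this example's own.
function Get-GroupMembershipEvents {
    param(
        [int]      $MinId = 4728,                     # start of the event ID range
        [int]      $MaxId = 4758,                     # end of the event ID range
        [datetime] $After = [datetime]'2011-07-19',   # only events created after this
        [string]   $Text  = ''                        # optional substring of the message
    )

    # Discover the domain controllers, as the tool does automatically.
    $dcs = (Get-ADDomainController -Filter *).HostName

    # An XPath range filter sidesteps Get-WinEvent's limit on the number of IDs
    # allowed in a FilterHashtable and matches the tool's "4728-4758" range directly.
    $since = $After.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
    $xpath = "*[System[(EventID >= $MinId and EventID <= $MaxId) and " +
             "TimeCreated[@SystemTime >= '$since']]]"

    foreach ($dc in $dcs) {
        try {
            Get-WinEvent -ComputerName $dc -LogName Security -FilterXPath $xpath -ErrorAction Stop |
                Where-Object { $Text -eq '' -or $_.Message -like "*$Text*" } |
                Select-Object MachineName, TimeCreated, Id, ProviderName,
                              @{ n = 'Keywords'; e = { $_.KeywordsDisplayNames -join ', ' } },
                              Message
        }
        catch {
            # Get-WinEvent throws when nothing matches; a DC with no hits is not an error.
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$dc : $($_.Exception.Message)"
            }
        }
    }
}

# Usage: every group-membership change on any DC since 19 July 2011 whose
# message mentions the group "Global1", newest first.
Get-GroupMembershipEvents -After ([datetime]'2011-07-19') -Text 'Global1' |
    Sort-Object TimeCreated -Descending |
    Format-List
```

The text filter is applied client-side on the rendered Message rather than in the XPath, because the message text is assembled from the event's data fields only when the record is read, so an XPath filter would need to target the individual EventData fields instead.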
I’ve always used MS’s LogParser for things like this, but I like the idea this will adapt to the Windows 7/2008 structure. I currently have to have two sets of LogParser queries to handle new vs. legacy logs, so this will definitely be worth giving a serious look.
Thanks!
Jim, thanks for the tip. Microsoft LogParser is still missing in the 4sysops list of free admin tools. Maybe you want to add it with a little description and with your experiences with the tool?
Another GUI-based event log parser is EVT LogParser and for advanced event log analysis I recommend EventSentry.