
Event Viewer logs

  • jschilling@solutechinc.com
    Message 1 of 3 , Sep 11, 2000
      I have a number of NT boxes. I want to poll the event logs of these
      and retrieve all error events and pool them into a central location
      for easy review as simply as possible.

      I'm just starting on this, but any suggestions would be appreciated.

      thanks
    • Michael Marquart
      Message 2 of 3 , Sep 11, 2000
        On Mon, 11 Sep 2000 14:21:26 -0000
        Subject: [BATCH WORLD] Event Viewer logs
        jschilling@... wrote:


        What format does an error event take?

        Is it, for example, on a single line commencing with a standard string such as

        Error: 208 - (error msg here)

        (The error logs on each NT box are accessible through the network, I presume)

        Regards
        Mic

        >I have a number of NT boxes. I want to poll the event logs of these
        >and retrieve all error events and pool them into a central location
        >for easy review as simply as possible.
        >
        >I'm just starting on this, but any suggestions would be appreciated.
        >
        >thanks
      • Kenneth C Mazie
        Message 3 of 3 , Sep 11, 2000
          jschilling@... on 09/11/2000 07:25:00 AM
          To: batchworld@egroups.com@Internet
          cc: (bcc: Kenneth C Mazie/PO/KAIPERM)
          Subject: [BATCH WORLD] Event Viewer logs


          I have a number of NT boxes. I want to poll the event logs of these
          and retrieve all error events and pool them into a central location
          for easy review as simply as possible.

          I'm just starting on this, but any suggestions would be appreciated.

          thanks

          =========================================================================================================
          Here is just what you may be looking for......
          I wrote this batch file by taking someone else's lead and modifying his original batch file to suit my needs. It uses the DUMPEL.EXE utility from the NT Resource Kit to extract all three logs from any NT box listed in a flat text file. It then creates a storage location if one doesn't already exist. The storage directory is scanned each time the batch file is run and will only keep the number of weeks (or days) of logs you specify. Anyway, the whole thing is documented in the batch file itself. I heard from someone that, due to the way the number of days is checked for, it may not delete the right files; however, each time I've tried to verify this everything seems to function properly. I am just about to edit this file to ZIP the event logs; mine tend to be in the multimegabyte size and they're filling up my poor server. Just create a text file with a flat list of servers, one entry per line, and save it in the same directory as the batch file. You'll need to edit the batch file defaults since they're still set for my setup. You can change the number of days or weeks to save and many other settings. I frequently tweak this file but I don't usually post the updates at the web site below. I posted this file (and found the original) at the script repository at web site: http://cwashington.netreach.net/script_repository/repository.asp?ScriptType=command_line.

          Ken Mazie
          Kaiser Permanente I.T
          Server Operations West


          Here's the script..........

          @echo off
          :: AUTOEVNT.BAT
          ::
          :: Author - Kenneth C. Mazie
          :: Date - 06-09-2000
          :: Version - 2.0
          ::
          :: Description - This is a Windows NT specific batch script that archives the system event
          :: logs for multiple remote servers. It uses the NT Resource Kit DUMPEL utility which must
          :: exist in the path of the system the batch is executed on. In its current configuration
          :: the script assumes you have in place a central collection point with a share called
          :: "eventlogs". You can change that share name by editing the "logpath" variable below.
          :: You must tell the batch file which server to use as a central store by entering it in
          :: the "logserver" variable below. It also assumes that you will save the logs once
          :: a week and keep 52 weeks (1 year) of logs. To change this edit the number in the
          :: "killold" section. The script reads the file "servers.txt" which is located on the
          :: logging server and is a raw text list of all systems to back up, one name to a line.
          :: The original batch file was set up to be run on a single machine. It created folders
          :: renamed to today's date under the logpath folder and dumped the three logs into it.
          :: It then kept 30 days worth and removed any older logs. This can be done if desired by
          :: removing the "server" variable in the UNC paths in the DUMPLOGS, CLEANUP, and KILLOLD
          :: sections. You must also un-REM the "server" set variable below and REM out both the
          :: "mainloop" section and "set server=" variable below. I recommend setting the options
          :: on your logfiles so that the logs overwrite events older than seven days. You should
          :: examine your logs to determine what size to restrict them to. Note that you must run
          :: this batch from an NT machine logged in with domain admin rights.
          :: Note - original code by Scott Rolf

          ::----------------------- batch code -----------------------

          :variables
          :: sets initial variables
          set logserver=its-kaiser-pdc
          set logpath=eventlogs
          rem set server=
          :: Parses out the current date to a system variable
          :: Uncomment the next line to set the date format to 01012000 (mmddyyyy)
          ::for /f "tokens= 1,2,3,4 delims=/ " %%I in ('date /t') do Set today=%%J%%K%%L
          :: Uncomment the next line to set the date format to 01-01-2000 (mm-dd-yyyy)
          for /f "tokens= 1,2,3,4 delims=/ " %%I in ('date /t') do Set today=%%J-%%K-%%L

          :mainloop
          :: Loops through external text file of servers to backup
          for /F %%I in (\\%logserver%\%logpath%\servers.txt) do Call :begin %%I
          goto :EOF

          :begin
          set server=%1

          :ServerFolder
          :: Checks for the existence of a folder named after the current server and creates if needed
          if exist \\%logserver%\%logpath%\%server% goto Dumplogs
          Md \\%logserver%\%logpath%\%server%

          :Dumplogs
          echo Exporting: %server%
          :: Backup the system event log
          dumpel -s %server% -t -l system -f \\%logserver%\%logpath%\%server%\%today%sy.log
          :: Backup the application event log
          dumpel -s %server% -t -l application -f \\%logserver%\%logpath%\%server%\%today%ap.log
          :: Backup the security event log
          dumpel -s %server% -t -l security -f \\%logserver%\%logpath%\%server%\%today%se.log

          :Cleanup
          :: CLEANUP..dump dir of \\%logserver%\%logpath% to a text file and delete old files/folders
          set T=0
          ::dir \\%logserver%\%logpath% /b /o:-n > c:\temp\tempdir.txt
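          :: List newest first by file date (/o:-d). A name sort (/o:-n) is not chronological for
          :: mm-dd-yyyy names once the logs span a year boundary, so Killold would count the wrong files.
          dir \\%logserver%\%logpath%\%server% /b /o:-d > c:\temp\tempdir.txt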
          for /F %%I in (c:\temp\tempdir.txt) do Call :Killold %%I
          goto :EOF

          :Killold
          :: this subroutine kills logs older than 52 weeks (3 logs for 52 weeks = 156)
          set /a T = 1+%T%
          if %T% LEQ 156 goto :EOF
          ::rd /S /Q \\%logserver%\%logpath%\%1
          del /S /Q /F \\%logserver%\%logpath%\%server%\%1

          :Exit
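
Added example, not part of Ken Mazie's post or script: the concern he mentions about the cleanup deleting the wrong files can be checked offline against the script's file naming (`%today%` as mm-dd-yyyy, then `sy`, `ap` or `se`, then `.log`). It compares a reverse name sort (`dir /b /o:-n`) with a selection by the date parsed from each name; the function names and the sample listing are constructed for illustration.

```python
import re
from datetime import date

# File names as AUTOEVNT.BAT writes them: mm-dd-yyyy + sy/ap/se + .log
NAME_RE = re.compile(r"^(\d{2})-(\d{2})-(\d{4})(sy|ap|se)\.log$", re.I)

def log_date(name):
    """Return the date encoded in a log file name, or None if it does not match."""
    m = NAME_RE.match(name)
    if not m:
        return None
    month, day, year = (int(g) for g in m.groups()[:3])
    try:
        return date(year, month, day)
    except ValueError:          # e.g. month 13
        return None

def prune_by_name(names, keep):
    """What a reverse name sort plus a counter selects for deletion:
    everything after the first `keep` entries."""
    return sorted(names, reverse=True)[keep:]

def prune_by_date(names, keep):
    """Select deletions by the date parsed from the name, newest kept first.
    Names that do not parse are never selected for deletion."""
    dated = [(log_date(n), n) for n in names if log_date(n) is not None]
    dated.sort(reverse=True)
    return [n for _, n in dated[keep:]]

def sample_listing():
    """Constructed listing: three weekly dumps that cross a year boundary."""
    days = ["12-18-2000", "12-25-2000", "01-01-2001"]
    return [d + kind + ".log" for d in days for kind in ("sy", "ap", "se")]

if __name__ == "__main__":
    names = sample_listing()
    # Keep two weeks (6 files) so the effect shows on a small listing.
    print("name order deletes:", prune_by_name(names, keep=6))
    print("date order deletes:", prune_by_date(names, keep=6))
```

With the name sort, the newest dump (01-01-2001) is the one selected for deletion, which for the security log means losing the most recent audit records while older ones are retained.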