HPE Community
Windows Server 2003
1833027 Members
2157 Online
110049 Solutions
New Discussion

Eventvwr command line

 
SOLVED
Go to solution
Edgar Zapata
Esteemed Contributor

‎12-20-2007 08:00 AM

‎12-20-2007 08:00 AM

Eventvwr command line

Hi,

Is there a way to get eventvwr save either Application or System LOG through a DOS command?

Thanks.
0 Kudos
10 REPLIES 10
Daniel Leblanc
Honored Contributor

‎12-20-2007 10:06 AM

‎12-20-2007 10:06 AM

Re: Eventvwr command line

Why do you want this?

Dan
0 Kudos
Edgar Zapata
Esteemed Contributor

‎12-20-2007 10:25 AM

‎12-20-2007 10:25 AM

Re: Eventvwr command line

Hi,
We need to automate as much as possible the collecting of data when an incident ocurrs.

We are having a recurrent incident and we need to stablish a pattern of behavior.

Thanks.

0 Kudos
Daniel Leblanc
Honored Contributor

‎12-20-2007 11:03 AM

‎12-20-2007 11:03 AM

Re: Eventvwr command line

Did you try think of applying HP SIM or if you need Event Sentry is a good monitoring for event ,but but if i knew what was you want to get info,Event sentry cost $ and HP Sim is free and very powerfull (easy to use)is can monitore Hardware problem and software, it can even warn you when a service goes down or up.

Dan
0 Kudos
clausw
Frequent Advisor

‎12-20-2007 09:18 PM

‎12-20-2007 09:18 PM

Solution

Re: Eventvwr command line

definitly yes,
pleas checke the Help and Support Center on your Windwos 2003 Server and search for Command-line reference A-Z.
There you can find under e "Eventcreate"; "Eventquery"; "Eventtriggers"; "Eventcmd".
I think these are helpful tools, but dont forget to WSH (Windows Scripting Host) and the new Windows Powershell (this will be the future environment for scripting Windows Systems and will be so powerful as UNIX-Shell).
cpw
Peter Turek
Frequent Advisor

‎12-21-2007 06:09 AM

‎12-21-2007 06:09 AM

Re: Eventvwr command line

Your best bet really is just to get an event log archiver/analyzer. They vary widely in price and capability and the one that I like by far is manage engine event log analyzer. http://manageengine.adventnet.com/products/eventlog/index.html

This product also analyzes events and can alert on them but if you're really interested in that, get something like MS MOM/SCOM (HP openview is, err, expensive and more complex but competes with SCOM). Its cheap compared to others and free for 5 hosts.

It runs a service on a central host that polls remote servers (and it can syslog firewalls, etc) say every 5 min and sucks up events. Then pushes to a mysql database to store events and can archive them out from that db to .zip files which can be imported later. You can then keep the storage requirements down.

The thing I like most is that since it's in a real database you can use both the standard reports with the product as well as write your own SQL queries if you like to get just about anything you want.

This is all important because some servers can literally blow through a 100mb limit on a log file in hours so it's good to know you've got everything. You can go back 3 months ago to see who deleted a file etc. Nice.
Lucky Luciano
Regular Advisor

‎02-19-2008 12:56 PM

‎02-19-2008 12:56 PM

Re: Eventvwr command line


strComputer = "."

dtmThisMonth = Month(Date)-1
strBackupName = dtmThisMonth
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='Security'")
For Each objLogfile in colLogFiles
objLogFile.BackupEventLog("c:\scripts\results\" & strBackupName & _
"_security.evt")
objLogFile.ClearEventLog()
Next
I admire your fashionable running shoes!
Peter Turek
Frequent Advisor

‎02-19-2008 01:12 PM

‎02-19-2008 01:12 PM

Re: Eventvwr command line

You can also use the resource kit utility called dumpEL. This dumps to csv and other formats. easy to use from cmd.
Edgar Zapata
Esteemed Contributor

‎02-19-2008 03:41 PM

‎02-19-2008 03:41 PM

Re: Eventvwr command line

Thank you all.
Lots of information to manage.
I didn't know about the dumpEL.exe utility.

Thanks again.
0 Kudos
Gfuss
Trusted Contributor

‎02-27-2008 04:32 AM

‎02-27-2008 04:32 AM

Re: Eventvwr command line

Edgar,
Not sure if you are looking for a pay vs. free product, but I have used GFi EventsManager.

http://www.gfi.com/eventsmanager/

Like most of these products, it runs on SQL and has a Web-based front end making it accessible from anywhere.

The nice thing about a product like this (or any of the others mentioned), Edgar, is that it will go and collect all logs from all of your servers and store them in a central location. This is better for security (the logs are no longer on the remote system), management, being proactive, etc.

I also currently use HP SIM and find it an excellent free solution for inventory, alerting, reporting, etc.


Edgar Zapata
Esteemed Contributor

‎02-28-2008 03:36 AM

‎02-28-2008 03:36 AM

Re: Eventvwr command line

I was looking for a command line utility, so dumpel is what I was looking for.

Tnks.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.