Trying to make daily log dumps using eventquery

[Steve Stormont]

We need to make daily dumps of the System, Application, and Security
logs of a certain machine in the office. We only want to dump new events
that have occured since the last dump, not the entire log (to keep file size
down). Since the user shuts down their PC each day, it would essentail just
be a dump of events that have happened on the current day.

I thouhgt that I could do this using eventquery.pl, but since it doesn't
seem to understand any sort of %DATE% variable, I'm at a loss. Any ideas on
how we can go about doing this?

Steve

 

[Steven L Umbach]

Hi Steve.

I have not tried it myself yet but PsLogList is free from SysInternals and may be
worth a look. It has several options including switches for before and after a
timestamp. --- Steve

http://www.sysinternals.com/ntw2k/freeware/psloglist.shtml

 

[Tiny-EPL]

Stev:

Have you tried to use eventquery.vbs instead of eventquery.pl? Thi
tool has a good set of options to filter the events you want to dump
Ad also the results can be saved as csv or other formats you qill b
able to handle then as you wish.

Tin


-
Tiny-EP