Event log reader

· The NTinfo event log reader can collect records from many machines at once. Collect all records, or records from a certain time period, or of a certain type or ID. Sort, search and filter collected data and view it in NTreport or export it.

· It is also possible to read archived logs that are saved with the SetupBatcher EventLog.Backup command or the NTreport BackupEventLog command.

· The event log reader can be automated by creating an NTreport script. The script can be launched either with the NTreport speed buttons or from the command line. This is very useful for tasks done on a regular basis, such as reading all events for the last 24 hours from a couple of servers. By using scripts you do not have to fill in the fields manually every time, and the grid can be nicely formatted the way you want it. The speed button labeled "2" is already linked to a script that reads the log of the local machine. Try it!

· Log - reads the current event log from the selected machine or from all machines in the selected domain. Use the combobox below the log mode selector to select the log. Select "*ALL*" to read all logs. Then select operating mode, select a machine or a domain and click the "Scan" button.

· File - opens a single saved log file. Click the "..." button and select the backup log file, then click "Scan". (The machine from which the log came must be switched on.)

· Dir - opens all saved log files in a directory. Click the "..." button to select the directory, then click "Scan". (All log source machines must be switched on.)

· One record per row, one property per column, see event log record format.

· A minus sign in front of a date reads all events up to the date, including the date.

· A minus sign after the date reads all events after the date, including the date.

| Enter | ...to read all events... |
|---|---|
| 1999-07-17 | that happened during the day 1999-07-17 |
| -1999-07-17 | before 1999-07-18 |
| 1999-07-17- | after 1999-07-16 |

· X = start day

· Y = end day

· 0=today, 1=yesterday, 2=the day before yesterday etc.

| Enter | ...to read all events... |
|---|---|
| DAY:0 | that happened today |
| DAY:1 | that happened yesterday |
| DAY:0-1 | yesterday - today |
| DAY:1-4 | four days ago to yesterday |
| DAY:7 | one week ago |

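An added Python example, not part of NTreport or its documentation: it resolves the date and DAY: forms listed above into inclusive day ranges, so the window a filter covers can be checked before a scan. The names `resolve_window`, `select` and `SAMPLE`, the `today` parameter, and accepting X and Y in either order are assumptions; the `; ID:` and `forward` modifiers are not handled.

```python
import re
from datetime import date, timedelta

def resolve_window(expr, today):
    """Map a time filter to (first_day, last_day), both inclusive; None = open end."""
    expr = expr.strip()
    m = re.fullmatch(r"DAY:(\d+)(?:-(\d+))?", expr)
    if m:
        x = int(m.group(1))
        y = int(m.group(2)) if m.group(2) is not None else x
        # Offsets count back from today, so the larger one is the earlier day.
        # Assumption: X and Y are accepted in either order.
        return today - timedelta(days=max(x, y)), today - timedelta(days=min(x, y))
    m = re.fullmatch(r"(-?)(\d{4}-\d{2}-\d{2})(-?)", expr)
    if not m or (m.group(1) and m.group(3)):
        raise ValueError(f"unrecognised time filter: {expr!r}")
    day = date.fromisoformat(m.group(2))  # rejects impossible dates such as 1999-02-30
    if m.group(1):
        return None, day   # "-1999-07-17": everything up to and including the date
    if m.group(3):
        return day, None   # "1999-07-17-": the date and everything after it
    return day, day        # "1999-07-17": that day only

def select(records, expr, today):
    """Keep the records whose day falls inside the window for expr."""
    first, last = resolve_window(expr, today)
    return [r for r in records
            if (first is None or r[0] >= first) and (last is None or r[0] <= last)]

# Constructed sample records (day, event ID, source); not real log data.
SAMPLE = [
    (date(1999, 7, 16), 6005, "EventLog"),
    (date(1999, 7, 17), 7000, "Service Control Manager"),
    (date(1999, 7, 19), 9, "atapi"),
    (date(1999, 7, 20), 6005, "EventLog"),
]

if __name__ == "__main__":
    today = date(1999, 7, 20)  # fixed so the output is reproducible
    for expr in ("1999-07-17", "-1999-07-17", "1999-07-17-", "DAY:0-1", "DAY:1-4"):
        print(expr, resolve_window(expr, today), [r[1] for r in select(SAMPLE, expr, today)])
```
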

| Enter | ...to read all events... |
|---|---|
| DAY:1 ; ID:6005 | from yesterday, ending with the first "The Event log service was started" event that happened during that day |


| Enter | ...to read all events... |
|---|---|
| 1999-09-08 ; ID:6005 ; forward | from the date 1999-09-08, forward, starting with the first "The Event log service was started" event that happened during that day |


| Enter | ...to read all events... |
|---|---|
| atapi | from source "atapi" |
| "serv*" | where the source starts with the string "serv" (usually service control manager) |


| Enter | ...to read... |
|---|---|
| s | success events |
| e | error events |
| w | warning events |
| i | information events |
| sa | success audit events |
| fa | failure audit events |
| e, fa | error and failure audit events |
| -s, i | all events except success and information events |


| Enter | ...to... |
|---|---|
| 202, 1001, 407 | read only the events 202, 1001 and 407 |
| -202, 1001, 407 | exclude the events 202, 1001 and 407 |