eventquery


eventquery new in WS2003

Displays events from event logs.

Syntax

 eventquery [/s Computer [/u Domain\User [/p Password]]] [/fi Filter] [/fo {TABLE | LIST | CSV}] [/r EventRange] [/nh] [/v] [/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS server"] [UserDefinedLog] [DirectoryLogName] [*]]

Options

/s Computer

Name or IP address of remote computer (if omitted, defaults to local computer).

/u Domain\User /p Password

Credentials for running the command (if omitted, defaults to currently logged-on user).

/fi Filter

Filter for specifying types of events to search for (enclose in quotes). These can be:

Datetime {eq | ne | ge | le | gt | lt} {mm/dd/yy(yyyy) hh:mm:ss{AM | PM}}
Type {eq | ne} {ERROR | INFORMATION | WARNING | SUCCESS | SUCCESSAUDIT | FAILUREAUDIT}
ID {eq | ne | ge | le | gt | lt} ValidInteger
User {eq | ne} ValidString
Computer {eq | ne} ValidString
Source {eq | ne} ValidString
Category {eq | ne} ValidString

/fo {TABLE | LIST | CSV}

Format for command output.

/r EventRange

Range of events to display. This can be:

N

Lists N most recent events

-N

Lists N oldest events

N1-N2

Lists events N1 to N2

/nh

No headers for columns in output (TABLE and CSV format only).

/v

Verbose information should be displayed.

/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS server"] [UserDefinedLog] [DirectoryLogName] [*]

One or more logs to query, with the default being wildcard (*). Reuse the /l switch if you want to query more than one log.

Examples

Display five most recent events from System log:

  eventquery /l system /r 5

  Microsoft (R) Windows Script Host Version 5.6
  Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

  ----------------------------------------------------------------------------
  Listing the events in 'system' log of host 'ESRV210D'
  ----------------------------------------------------------------------------
  Type          Event  Date Time               Source            ComputerName
  ------------- ------ ----------------------- ----------------- ------------
  Warning       40961  3/26/2003 10:26:15 AM   LSASRV            ESRV210D
  Warning       36     3/26/2003 10:25:55 AM   W32Time           ESRV210D
  Warning       20     3/26/2003 9:51:41 AM    Print             ESRV210D
  Error         1111   3/26/2003 9:51:17 AM    TermServDevices   ESRV210D
  Error         1111   3/26/2003 9:51:17 AM    TermServDevices   ESRV210D
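For log triage it helps to turn this TABLE output into records. The following Python sketch is an added example, not part of the book or of eventquery itself: it slices each row using the dashed column ruler, so spaces inside values such as the date do not split a field. The function names are hypothetical, and it assumes the output lists a single log, as in the example above.

```python
from collections import Counter
from datetime import datetime

# Copied from the System-log example output above (script-host banner omitted).
SAMPLE = """\
----------------------------------------------------------------------------
Listing the events in 'system' log of host 'ESRV210D'
----------------------------------------------------------------------------
Type          Event  Date Time               Source            ComputerName
------------- ------ ----------------------- ----------------- ------------
Warning       40961  3/26/2003 10:26:15 AM   LSASRV            ESRV210D
Warning       36     3/26/2003 10:25:55 AM   W32Time           ESRV210D
Warning       20     3/26/2003 9:51:41 AM    Print             ESRV210D
Error         1111   3/26/2003 9:51:17 AM    TermServDevices   ESRV210D
Error         1111   3/26/2003 9:51:17 AM    TermServDevices   ESRV210D
"""

def column_spans(ruler):
    """(start, end) offsets of each run of dashes in the column ruler line."""
    spans, start = [], None
    for i, ch in enumerate(ruler + " "):
        if ch == "-" and start is None:
            start = i
        elif ch != "-" and start is not None:
            spans.append((start, i))
            start = None
    return spans

def parse_table(text):
    """Parse eventquery TABLE output into dicts keyed by the column headers."""
    lines = text.splitlines()
    # The column ruler is the first line made of dashes AND spaces; the banner
    # separators are unbroken dashes and are skipped.
    idx = next(i for i, l in enumerate(lines) if set(l.strip()) == {"-", " "})
    spans = column_spans(lines[idx])
    spans[-1] = (spans[-1][0], None)  # last column runs to end of line
    cut = lambda line: [line[a:b].strip() for a, b in spans]
    headers = cut(lines[idx - 1])
    events = []
    for line in filter(str.strip, lines[idx + 1:]):  # skip blank lines
        row = dict(zip(headers, cut(line)))
        row["Event"] = int(row["Event"])
        row["Date Time"] = datetime.strptime(row["Date Time"], "%m/%d/%Y %I:%M:%S %p")
        events.append(row)
    return events

def count_by_source(events, types=("Error", "Warning")):
    """Count events per (Type, Source, Event ID) to spot repeating problems."""
    return Counter((e["Type"], e["Source"], e["Event"]) for e in events if e["Type"] in types)
```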

Search the System log for events with ID 36 and display the results in list format:

  eventquery /fi "ID eq 36" /l SYSTEM /fo LIST

  Microsoft (R) Windows Script Host Version 5.6
  Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

  ----------------------------------------------------------------------------
  Listing the events in 'system' log of host 'ESRV210D'
  ----------------------------------------------------------------------------
  Type:         Warning
  Event:        36
  Date Time:    3/26/2003 10:25:55 AM
  Source:       W32Time
  ComputerName: ESRV210D

  Type:         Warning
  Event:        36
  Date Time:    3/11/2003 11:42:32 AM
  Source:       W32Time
  ComputerName: ESRV210D

Repeat the command but display verbose output instead:

  eventquery /fi "ID eq 36" /l SYSTEM /fo LIST /v

  Microsoft (R) Windows Script Host Version 5.6
  Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

  ----------------------------------------------------------------------------
  Listing the events in 'system' log of host 'ESRV210D'
  ----------------------------------------------------------------------------
  Type:         Warning
  Event:        36
  Date Time:    3/26/2003 10:25:55 AM
  Source:       W32Time
  ComputerName: ESRV210D
  Category:     None
  User:         N/A
  Description:  The time service has not synchronized the system time for
                86400 seconds because none of the time service providers
                provided a usable time stamp. The time service is no longer
                synchronized and cannot provide the time to other clients or
                update the system clock. Monitor the system events displayed
                in the Event Viewer to make sure that a more serious problem
                does not exist.

  Type:         Warning
  Event:        36
  Date Time:    3/11/2003 11:42:32 AM
  Source:       W32Time
  ComputerName: ESRV210D
  Category:     None
  User:         N/A
  Description:  The time service has not synchronized the system time for
                86400 seconds because none of the time service providers
                provided a usable time stamp. The time service is no longer
                synchronized and cannot provide the time to other clients or
                update the system clock. Monitor the system events displayed
                in the Event Viewer to make sure that a more serious problem
                does not exist.

Notes

This command is a .vbs script and requires CScript to run. You can make CScript your default script host by typing the following at the command prompt:

  cscript //h:cscript //s  

See Also

Event Logs



Windows Server 2003 in a Nutshell
ISBN: 0596004044
EAN: 2147483647
Year: 2003
Pages: 415
Authors: Mitch Tulloch
