8.9. Searching an Event Log on a Server
You want to search for events in a specific event log.
Using a graphical user interface
Open the Event Viewer (eventvwr.msc).
In the left pane, right-click on the event log you want to search and select Properties.
Click the Filter tab.
Enter the search criteria and click OK.
An alternative for searching the event logs on a single host is the Event Comb utility, which I cover in Recipe 8.10.
Using a command-line interface
You can use the eventquery.vbs command on Windows Server 2003 to remotely query the event log of a server. The following command displays the last 10 events with event ID 105 on the host fs01:
> eventquery.vbs /S fs01 /R 10 /L Application /FI "ID eq 105"
On Windows 2000, you can use a combination of the elogdmp and findstr commands to find specific events. The following command displays events in the Application log that have the string 105 somewhere in the event (it could be in the description, the event ID, etc.):
> elogdmp server01 Application | findstr 105
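This may not find exactly what you want, because any line that contains 105 anywhere is returned. Since the output of elogdmp is comma-delimited, you can adjust what you pass to findstr to improve your odds of returning exactly what you want. For example, enclosing the ID in commas matches only lines in which 105 appears between two commas: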
> elogdmp server01 Application | findstr ",105,"
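The difference between the two findstr patterns, and what a field-aware match adds, can be seen on a small sample. This Python sketch is an added example, not code from the book; the sample lines and their column order are constructed for illustration and are not actual elogdmp output, so set EVENT_ID_COLUMN to match the real layout before using it on a dump.

```python
import csv
import io

# Constructed sample in a comma-delimited layout (assumed columns, not real
# elogdmp output): date, time, type, source, event ID, description.
SAMPLE = """\
03/14/2005,10:05:01,Information,AppSvc,105,Service started
03/14/2005,11:05:22,Warning,AppSvc,2105,Retry limit reached
03/14/2005,12:30:00,Error,Backup,8019,"Job failed on volumes 3,105,and 7"
03/14/2005,13:10:59,Information,AppSvc,105,Service stopped
03/15/2005,09:00:00,Information,Disk,51,Processed 1105 blocks
"""
EVENT_ID_COLUMN = 4  # assumed position of the event ID field


def substring_match(text, needle):
    """Same behaviour as piping to findstr: any line containing the needle."""
    return [line for line in text.splitlines() if needle in line]


def field_match(text, event_id, column=EVENT_ID_COLUMN):
    """Parse each line as CSV and compare only the event ID column."""
    hits = []
    for row in csv.reader(io.StringIO(text)):
        # Skip short or malformed rows instead of raising IndexError.
        if len(row) > column and row[column].strip() == str(event_id):
            hits.append(row)
    return hits


if __name__ == "__main__":
    # "105" also hits event 2105, "1105 blocks" and the quoted description.
    print(len(substring_match(SAMPLE, "105")), "lines contain 105")
    # ",105," drops 2105 and 1105 but still hits the description "3,105,and".
    print(len(substring_match(SAMPLE, ",105,")), "lines contain ,105,")
    # Comparing the parsed event ID column leaves only the real ID 105 events.
    for row in field_match(SAMPLE, 105):
        print(row)
```

When reviewing logs for a specific event, the field-aware count is the one to trust, since a comma inside a description can still satisfy the ",105," pattern.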
Using VBScript
' This code searches for events matching the specified criteria.
' ------ SCRIPT CONFIGURATION ------
intEventCode = <EventID>   ' Event ID to match; e.g., 105
strLog = "