8.10. Searching the Event Logs on Multiple Servers
You want to search for events across multiple computers.
Using a graphical user interface
Open the Event Comb utility (eventcombmt.exe). When you first start the tool, it launches a Simple Instructions dialog box that contains the following directions:
1. Verify that the Domain box shows the domain you want to search.
2. Right-click the box labeled Select to Search/Right Click To Add. Add the servers you want to search, e.g., All the DCs or individual servers.
3. Choose the log files you want to search, e.g., System, Application.
4. Select the event type you would like to search for, e.g., Error, Warning.
5. Enter the event IDs you would like to search for, e.g., 6005, in the Event IDs text box.
6. Click Search to start your search.
Using a command-line interface
None of the standard command-line tools supports searching the event logs across multiple servers. You can, however, use a for command to run the same query against several servers, one after another. Here are a couple of examples.
For Windows Server 2003:
> for /D %i in ("server01","server02") do eventquery.vbs /S %i /R 10 /L Application /FI "ID eq 105"
For Windows Server 2000:
> for /D %i in ("server01","server02") do elogdmp %i Application | findstr ",105,"
Using VBScript
' This code searches for events that match the specified criteria
' across several servers.
' ------ SCRIPT CONFIGURATION ------
intEventCode = <EventID>     ' Event ID to match; e.g., 105
strLog = "<EventLogName>"    ' Event log name; ...
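The per-server loop from the command-line examples above, written for PowerShell as an added example that is not from the original recipe. It reuses the recipe's sample values (server01, server02, the Application log, event ID 105) and assumes hosts where the Get-WinEvent cmdlet is available; it also records servers that could not be queried, so a failed connection is not mistaken for an empty result.

```powershell
# Added example, not the recipe's own script.
# Server names, log name and event ID are the recipe's sample values.
$servers = 'server01', 'server02'
$filter  = @{ LogName = 'Application'; Id = 105 }

$results = foreach ($server in $servers) {
    try {
        # -MaxEvents 10 mirrors "/R 10" in the eventquery.vbs example:
        # the ten most recent matching events per server.
        Get-WinEvent -ComputerName $server -FilterHashtable $filter `
                     -MaxEvents 10 -ErrorAction Stop |
            Select-Object @{ n = 'Server'; e = { $server } },
                          TimeCreated, Id, LevelDisplayName, ProviderName, Message
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # The log was read successfully but holds no matching events.
            continue
        }
        # Unreachable host, access denied, or missing log: emit a row for it
        # so the gap is visible in the combined output.
        [pscustomobject]@{
            Server           = $server
            TimeCreated      = $null
            Id               = $null
            LevelDisplayName = 'QueryFailed'
            ProviderName     = $null
            Message          = $_.Exception.Message
        }
    }
}

# One combined table, grouped by server.
$results | Sort-Object Server | Format-Table -AutoSize -Wrap
```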