8.10. Searching the Event Logs on Multiple Servers

Problem

You want to search for events across multiple computers.

Solution

Using a graphical user interface

  1. Open the Event Comb utility (eventcombmt.exe). When you first start the tool, it launches a Simple Instructions dialog box that contains the following directions:

  2. Verify the Domain box shows the domain for which you want to search.

  3. Right-click the box labeled Select to Search/Right Click To Add. Add the servers you want to search—e.g., All the DCs or individual servers.

  4. Choose the log files you want to search, e.g., System, Application.

  5. Select the event type you would like to search for, e.g., Error, Warning.

  6. Enter the event IDs you would like to search for, e.g., 6005, in the Event IDs text box.

  7. Click Search to start your search.

Using a command-line interface

None of the standard command-line tools support searching the event logs across multiple servers. You can, however, use a for command to run a query against several servers at once. Here are a couple of examples.

For Windows Server 2003:

> for /D %i in ("server01","server02") do eventquery.vbs /S %i /R 10 /L Application /FI "ID eq 105"

For Windows Server 2000:

> for /D %i in ("server01","server02") do elogdmp %i Application | findstr ",105,"

Using VBScript

' This code searches for events that match the specified criteria 
' across several servers.
' ------ SCRIPT CONFIGURATION ------
intEventCode = <EventID>            ' Event ID to match; e.g., 105
strLog       = "<EventLogName>" ' Event log name; ...
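
An added example, not the book's script: the same kind of search done through WMI's Win32_NTLogEvent class, reporting any server that could not be queried so that a missing result is not mistaken for a clean one. The server names, log name and event ID are assumed sample values.

```vbscript
' Added example (not the book's script): search one log for one event ID
' on several servers through WMI and report servers that were not searched.
Option Explicit

Dim arrServers, strServer, strLog, intEventCode
Dim objWMI, colEvents, objEvent, intHits, strQuery

' Assumed sample values; the server names match the command-line examples.
arrServers   = Array("server01", "server02")
strLog       = "Application"
intEventCode = 105

strQuery = "SELECT * FROM Win32_NTLogEvent WHERE Logfile = '" & strLog & _
           "' AND EventCode = " & intEventCode

For Each strServer In arrServers
    Set objWMI = Nothing
    On Error Resume Next
    ' The Security privilege only matters when strLog is the Security log.
    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & _
                           strServer & "\root\cimv2")
    If Err.Number <> 0 Then
        ' Unreachable or access denied: say so instead of skipping silently.
        WScript.Echo strServer & ": NOT SEARCHED (0x" & Hex(Err.Number) & " " & _
                     Err.Description & ")"
        Err.Clear
    Else
        intHits = 0
        Set colEvents = objWMI.ExecQuery(strQuery)
        For Each objEvent In colEvents
            intHits = intHits + 1
            ' TimeGenerated is a DMTF datetime string (yyyymmddHHMMSS.ffffff+UUU).
            WScript.Echo strServer & vbTab & objEvent.TimeGenerated & vbTab & _
                         objEvent.SourceName & vbTab & objEvent.Message
        Next
        If Err.Number <> 0 Then
            ' WMI can raise query errors lazily, during enumeration.
            WScript.Echo strServer & ": QUERY FAILED (0x" & Hex(Err.Number) & " " & _
                         Err.Description & ")"
            Err.Clear
        Else
            WScript.Echo strServer & ": " & intHits & " matching event(s)"
        End If
    End If
    On Error GoTo 0
Next
```

Run it with cscript.exe so each result line goes to the console rather than to a message box.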
