Generate custom reports detailing event log activity
As a Windows systems administrator, it's often helpful to examine event logs on machines experiencing problems. But many times when I see an error event in the logs, I find myself wondering whether the same error is happening on other machines or how often the error is happening throughout my network. Trying to gather this information manually is extremely tedious and can take hours depending on the size of the network. That's why I wrote EventLogScanner.vbs—it quickly generates custom reports detailing the event log activity of Windows XP machines on a network.
When you execute the script, you're prompted to enter the following:
- Which event log to scan (Application log or System log)
- The event ID number you want the script to look for
- A date range over which you want the script to scan
The script then uses the criteria you entered to scan each machine on your network. When finished, it generates a report in Microsoft Excel that displays the following for each machine on your network:
- Date of scan
- Type of log (Application or System)
- Event ID number
- Host name
- Date range scanned
- Count (number of times the specified event ID occurred on that host within the date range)
- Most recent occurrence (the most recent date the specified event ID occurred on that host within the date range)
- Last user (the username of the person who last logged on to that host before the event ID occurred)
You can download EventLogScanner.vbs by clicking the Download the Code Here button near the top of the page. There are three things you need to do to make this event log scanner work in your environment:
- If you don’t have one already, create a text file containing a list of every XP hostname on your network. Each host should be on a separate line in the file.
- Find the line
Const PATH = "\\PATH\"
and replace \\PATH\ with the location of the directory where you want the results to be logged.
- Find the line
Const PCLIST = "\\PATH\HOSTNAMES.TXT"
and replace \\PATH\HOSTNAMES.TXT with the pathname of the file containing your list of hosts.
With EventLogScanner.vbs, I can quickly identify errors occurring throughout our network as well as determine if a particular error is simply an anomaly or part of a larger problem that's affecting multiple hosts. It works as is on XP hosts, but you could easily modify it to work on other versions of Windows as well.