Windows IT Pro
Connect With Us
Home > Systems Management > PowerShell & Scripting > Scripting > Event Log Scanner

Event Log Scanner

Generate custom reports detailing event log activity

Aug. 9, 2010 Brandon Jones | Windows IT Pro
Downloads
125606.zip

As a Windows systems administrator, it's often helpful to examine event logs on machines experiencing problems. But many times when I see an error event in the logs, I find myself wondering whether the same error is happening on other machines or how often the error is happening throughout my network. Trying to gather this information manually is extremely tedious and can take hours depending on the size of the network. That's why I wrote EventLogScanner.vbs—it quickly generates custom reports detailing the event log activity of Windows XP machines on a network.

When you execute the script, you're prompted to enter the following:

  1. Which event log to scan (Application log or System log)
  2. The event ID number you want the script to look for
  3. A date range over which you want the script to scan

The script then uses the criteria you entered to scan each machine on your network. When finished, it generates a report in Microsoft Excel that displays the following for each machine on your network:

  • Date of scan
  • Type of log (Application or System)
  • Event ID number
  • Host name
  • Date range scanned
  • Count (number of times the specified event ID occurred on that host within the date range)
  • Most recent occurrence (the most recent date the specified event ID occurred on that host within the date range)
  • Last user (the username of the person who last logged on to that host before the event ID occurred)

You can download EventLogScanner.vbs by clicking the Download the Code Here button near the top of the page. There are three things you need to do to make this event log scanner work in your environment:

  1. If you don’t have one already, create a text file containing a list of every XP hostname on your network. Each host should be on a separate line in the file.
  2. Find the line

    Const PATH = "\\PATH\"

    and replace \\PATH\ with the location of the directory where you want the results to be logged.
  3. Find the line

    Const PCLIST = "\\PATH\HOSTNAMES.TXT"

    and replace \\PATH\HOSTNAMES.TXT with the pathname of the file containing your list of hosts.

With EventLogScanner.vbs, I can quickly identify errors occurring throughout our network as well as determine if a particular error is simply an anomaly or part of a larger problem that's affecting multiple hosts. It works as is on XP hosts, but you could easily modify it to work on other versions of Windows as well.

Discuss this Article 2

kurtl
on Sep 29, 2010
While SCHELLENGER makes a valid point on the age and condition of XP, it's still going to be with us for a long time to come. Over 95% of my customers are running XP and most will probably only move to 7 through attrition. This is an EXCELLENT tool to add to my diagnostic arsenal.
dschellenger
on Sep 28, 2010
Here we are well into Windows 7 and you are still providing scripts that run as-is for XP. It seems to me that to ecourage the move away from the nearly obsolete, security vulnerable XP you would be offering script that run well as-is on Windows 7, but can be modified to run on earlier OS versions.

Please or Register to post comments.

Related Articles
Upcoming Training

Mastering System Center 2012

During over 6 hours of training you can join John Savill from your computer as he will walk you through the key components and capabilities of System Center 2012, what’s involved in using the components, and the benefit they can bring to your environment.

Register Now

Current Issue

May 2013 - The NameTranslate object is useful when you need to translate Active Directory object names between different formats, but it's awkward to use from PowerShell. Here's a PowerShell script that eliminates the awkwardness.

CURRENT ISSUE / ARCHIVE / SUBSCRIBE

Windows Forums

Get answers to questions, share tips, and engage with the Windows Community in our Forums.

Featured Products
Windows 8 Tips
Windows 8 Tips

You’ve been told that Microsoft has somehow compromised the beloved desktop environment and ruined it with Metro...

VIP - Premium Membership
For the IT Professional that needs access to training, premium content, discounts, and more, joining our VIP group just...
Testing with Visual Studio 2012

June 25th
Presented by: Brian Minisi

EARLY BIRD DISCOUNT -...

View CatalogView Shopping Cart

WindowsITPro.com
Related Sites
Copyright © 2013 Penton Media, Inc