I found a free tool from Microsoft that lets you search for event log entries across your network. It was released quite some time ago, but still works with the newest versions of Windows.
It is part of a download package called Security Guide Scripts Download.
You can get it from here:
Security Guide Scripts Download Link
Unpack the files to a temporary folder, and you will find the tool under SecurityOps\EventComb.
Launch it from the main application icon:
It gives you a huge number of options…almost overwhelming at first. The first thing you will want to do is select the computers you want to search. Right click the computer listing box in the top left of the window:
Pick your method for loading in the list of computers. Once you have the computers you want to search, then select your criteria…are you looking for a specific event id, or looking for a string of text in the event?
Notice it will event allow you to pick how far back to go…it defaults to searching the entire log.
Next, pick the event logs that you want to search:
Click search, and let it rip
When it is finished, it will save its output to c:\temp…for each computer that has a match, you will get a text file with all of the event log entries:
When you open the text file, it will have every log entry that matches your search.
This little utility can be a real time saver. Best of all it is totally free – it beats going from computer to computer to look through your event logs.
One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools
{ 1 trackback }
{ 3 comments… read them below or add one }
Very cool utility Steve…thanks for the tip
Steve,
Does this work with Windows 2008?
Yes it does. Just need to make sure an exception is in the firewall for file and printer sharing.