EventViewer switch to specify directory to read logs from?

[Guest]

Is there a command line switch available for the EventViewer which will allow
me to specify which directory to view the available logs from?

I will have multiple workstations writing to a mirrored set of really large
flash drives. The workstations will write to their specific standard .evt
files. I need to be able to start EventViewer and specify which
workstations's logs to go view at startup.

Is this possible w/o creating my own custom EventViewer?

 

[Tom Porterfield]

Is there a command line switch available for the EventViewer which will allow
me to specify which directory to view the available logs from?

I will have multiple workstations writing to a mirrored set of really large
flash drives. The workstations will write to their specific standard .evt
files. I need to be able to start EventViewer and specify which
workstations's logs to go view at startup.

Is this possible w/o creating my own custom EventViewer?

This is not really a csharp question. Looking at the help file for the
Event Viewer, there is the following:

Open Command Prompt.
Type:
eventquery[.vbs] [-?] [-s Computer [-u Domain\User [-p Password]]] [-fi
FilterName ] [-fo {TABLE|LIST|CSV}] [-r EventRange [-nh] [-v] [-l
{APPLICATION|SYSTEM|SECURITY|"DNS Server"|LOG|DirectoryLogName|*}]

Value Description
-? Displays Help on Eventquery.vbs
-s Computer Specifies the name of one or more remote computers (no
backslashes). The default is the local computer.
-u Domain\User This is used when a password is required.
-p Password This is used when required by network security policy.
-fi FilterName Specifies the types of events to include in or exclude
from the query.
-fo {TABLE|LIST|CSV} The format to use for the output.
-r EventRange The range of events to list.
-nh Supresses column headers in the output of table and .csv formats.
-v Specifies that verbose task information be displayed in the output.
-l {APPLICATION|SYSTEM|SECURITY|"DNS Server"|LOG|DirectoryLogName|*}
Specifies the logs to monitor.

Notes

To open a command prompt, click Start, point to All Programs, point to
Accessories, and then click Command Prompt.
To view the complete syntax for this command, at a command prompt, type:

eventquery.vbs -?

The other computer can be a workstation running Windows XP Home Edition,
Windows XP Professional, Windows 2000 Professional, or Windows NT
Workstation, or a server or domain controller running Windows 2000
Server, Windows NT Server, or a LAN Manager 2.x server.
The following are valid for use with the -fi FilterName value:

Datetime eq, ne, ge, le, gt, lt mm/dd/yy(yyyy), hh:mm:ssAM(/PM)
Type eq, ne ERROR|INFORMATION|WARNING|SUCCESSAUDIT|FAILUREAUDIT
ID eq, ne, ge, le, gt, lt non-negative integer
User eq, ne Any valid string.
Computer eq, ne Any valid string.
Source eq, ne Any valid string.
Category eq, ne Any valid string

 

[Guest]

Tom,

MS Conceirge Chat sent me here. I didn't quite know where to post so I
chose the language I'm working with. If there is a better spot, please
advise.

In regards to the Help file. I've been there and done that one. Not quite
what I need. I don't need to specify a different computer. I need to
specify where on a drive the logs are for EventViewer to go look at.

Still looking...

Thanks
CD

Is there a command line switch available for the EventViewer which will allow
me to specify which directory to view the available logs from?

I will have multiple workstations writing to a mirrored set of really large
flash drives. The workstations will write to their specific standard .evt
files. I need to be able to start EventViewer and specify which
workstations's logs to go view at startup.

Is this possible w/o creating my own custom EventViewer?

This is not really a csharp question. Looking at the help file for the
Event Viewer, there is the following:

Open Command Prompt.
Type:
eventquery[.vbs] [-?] [-s Computer [-u Domain\User [-p Password]]] [-fi
FilterName ] [-fo {TABLE|LIST|CSV}] [-r EventRange [-nh] [-v] [-l
{APPLICATION|SYSTEM|SECURITY|"DNS Server"|LOG|DirectoryLogName|*}]

Value Description
-? Displays Help on Eventquery.vbs
-s Computer Specifies the name of one or more remote computers (no
backslashes). The default is the local computer.
-u Domain\User This is used when a password is required.
-p Password This is used when required by network security policy.
-fi FilterName Specifies the types of events to include in or exclude
from the query.
-fo {TABLE|LIST|CSV} The format to use for the output.
-r EventRange The range of events to list.
-nh Supresses column headers in the output of table and .csv formats.
-v Specifies that verbose task information be displayed in the output.
-l {APPLICATION|SYSTEM|SECURITY|"DNS Server"|LOG|DirectoryLogName|*}
Specifies the logs to monitor.

Notes

To open a command prompt, click Start, point to All Programs, point to
Accessories, and then click Command Prompt.
To view the complete syntax for this command, at a command prompt, type:

eventquery.vbs -?

The other computer can be a workstation running Windows XP Home Edition,
Windows XP Professional, Windows 2000 Professional, or Windows NT
Workstation, or a server or domain controller running Windows 2000
Server, Windows NT Server, or a LAN Manager 2.x server.
The following are valid for use with the -fi FilterName value:

Datetime eq, ne, ge, le, gt, lt mm/dd/yy(yyyy), hh:mm:ssAM(/PM)
Type eq, ne ERROR|INFORMATION|WARNING|SUCCESSAUDIT|FAILUREAUDIT
ID eq, ne, ge, le, gt, lt non-negative integer
User eq, ne Any valid string.
Computer eq, ne Any valid string.
Source eq, ne Any valid string.
Category eq, ne Any valid string

 

[Walter Wang [MSFT]]

Hi CD,

As far as I know, you can only open an .evt file from Event Viewer
interface, it's also required to specify the file's log type
(application/security/system, etc.)

Sorry I cannot help much since it's not a development related question. You
may want to try other newsgroups such as windowsxp.general.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.