Eventlog Dump
Eventlog Dump is a simple batch utility. Eventlog Dump reads a remote NT/2000 eventlog and dumps it into a comma delimited, tab delimited, or XML file.
The full Delphi source code is included and no installation program is needed.
Download
Eventlog Dump (source code included) v0.1.1 [200 KB]
NO WARRANTY
ANY USE BY YOU OF THE SOFTWARE IS AT YOUR OWN RISK. THE
SOFTWARE IS PROVIDED FOR USE "AS IS" WITHOUT WARRANTY OF
ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE
SOFTWARE'S CREATOR DISCLAIMS ALL WARRANTIES OF ANY
KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
THE SOFTWARE'S CREATOR IS NOT OBLIGATED TO PROVIDE
ANY UPDATES OR UPGRADES TO THE SOFTWARE. THE INCLUDED
SOURCE CODE MAY BE MODIFIED AND DISTRIBUTED FOR NON-PROFIT
USE ONLY.
Instructions
Run Eventlog Dump from the command prompt, specifying the remote computer, the log name, the output file, and optionally the type of file to create. By default, a comma delimited file is created. Run Eventlog Dump without any parameters to see a help screen on its usage.
The following example reads the application log of SERVER1 and places the results in an XML file called output.xml.
eventlogcop SERVER1 Application output.xml XML
File Format
The fields that Eventlog Dump reports are as follows:
RecordNumber, TimeGenerated, TimeWritten, EventID, EventType,
EventCategory, Source, ComputerName, Description
TimeGenerated and TimeWritten are given as seconds since 1-1-1970. Multi-line descriptions are concatenated into a single line.
For a COMMA delimited file, all fields are enclosed in double quotes and any double quotes in a field's contents are replaced by single quotes.
For a TAB delimited file, a tab in a field's contents is replaced by a single space.
For XML, less than, greater than, ampersand, and copyright symbols are replaced by their XML or Unicode equivalent entity. > < & ©
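The following Python parser for the comma delimited format described above is an added example, not part of Eventlog Dump or its Delphi source. It converts the two time fields to UTC and rejects rows that do not have all nine fields. The sample rows are constructed, and the handling of an optional header row and the reading of the timestamps as UTC are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Field order as listed in the File Format section.
FIELDS = ["RecordNumber", "TimeGenerated", "TimeWritten", "EventID",
          "EventType", "EventCategory", "Source", "ComputerName",
          "Description"]
TIME_FIELDS = ("TimeGenerated", "TimeWritten")

# Constructed sample: one good row (with a comma and single quotes inside
# the quoted Description), one bad timestamp, one truncated row.
SAMPLE = (
    '"101","1000000000","1000000001","1000","4","0","ExampleSvc",'
    '"SERVER1","Service said \'ready\', then started"\n'
    '"102","not-a-time","1000000002","1001","1","0","ExampleSvc",'
    '"SERVER1","bad row"\n'
    '"103","1000000003","1000000003","1002","1","0","ExampleSvc"\n'
)


def parse_dump(text):
    """Return (records, rejected) for comma delimited dump text."""
    records, rejected = [], []
    reader = csv.reader(io.StringIO(text), quotechar='"')
    for row in reader:
        line = reader.line_num
        if not row or row == FIELDS:
            continue  # blank line, or a header row (assumed optional)
        if len(row) != len(FIELDS):
            rejected.append((line, "expected 9 fields, got %d" % len(row)))
            continue
        rec = dict(zip(FIELDS, row))
        try:
            for name in TIME_FIELDS:
                # Seconds since 1-1-1970, interpreted here as UTC.
                rec[name] = datetime.fromtimestamp(int(rec[name]),
                                                   tz=timezone.utc)
        except (ValueError, OverflowError, OSError):
            rejected.append((line, "invalid timestamp"))
            continue
        records.append(rec)
    return records, rejected


if __name__ == "__main__":
    good, bad = parse_dump(SAMPLE)
    for rec in good:
        print(rec["TimeGenerated"].isoformat(), rec["Source"], rec["Description"])
    print("rejected:", bad)
```

Because every field is quoted and embedded double quotes become single quotes, each record occupies exactly one line, so a rejected row can be traced back to its line number in the dump.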
Known Problems
XML output may contain illegal high-ASCII characters. The copyright symbol is replaced by its Unicode version, but other characters are not currently handled.
NOTE: The program must be run under an account that has permission to read the logs of the remote machines. If you can't connect to a remote machine using NT's Eventlog program, neither can Eventlog Dump.