filtering logs using Wevtutil

  • Question

  • Hi,

    I am using Wevtutil to filter logs.

    I want to filter logs where the EventData section contains a specific string,

    but the filter only seems to provide = when comparing string values.

    I have event data = "service started on may 10" and I have the search string "service started".

    I am using the following query:

    C:\Users\v-chamah>wevtutil /r:dilipvhdmachine qe Application /c:5 "/q:*[EventData[Data='service started']]" /rd:true /f:text

    How do I change it to return the log with the above data?


    chandan mahajan
    Tuesday, July 27, 2010 3:05 PM

Answers

  • Hi

     

    Thank you for your post!

     

    I recommend you read this document for further research http://technet.microsoft.com/en-us/library/cc732848(WS.10).aspx

     

    Regards,

    Miya Yao

    • Marked as answer by Robinson Zhang Wednesday, August 11, 2010 10:47 AM
    Monday, August 2, 2010 6:26 AM
  • Thanks.

    I found the Windows Event reader class very efficient in .NET 3.5.

    Through this we can fire an XPath query the same way wevtutil does.

    The only dependency for this is putting the remote event log reader in the firewall exceptions list and adding the user to the event log reader user group.

     


    chandan mahajan
    • Marked as answer by Nhancers Monday, October 25, 2010 5:40 AM
    Monday, October 25, 2010 5:40 AM
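
An added example, not part of the thread: the Event Log XPath subset has no contains() function, so a substring match on EventData values has to be done client-side after a broad server-side query. This PowerShell function uses System.Diagnostics.Eventing.Reader.EventLogReader (assumed to be the class the reply refers to); the function name Find-EventDataSubstring is hypothetical, and the host, log and search string defaults are taken from the question.

```powershell
# Added example, not code from the thread. Defaults mirror the question's command.
function Find-EventDataSubstring {
    param(
        [string]$ComputerName = 'dilipvhdmachine',  # remote host from the question
        [string]$LogName      = 'Application',
        [string]$Needle       = 'service started',
        [int]$MaxHits         = 5                   # same as /c:5
    )
    Add-Type -AssemblyName System.Core              # EventLogReader lives here (.NET 3.5+)
    $ns = 'System.Diagnostics.Eventing.Reader'

    # Server side: only narrow to events that carry EventData/Data at all,
    # because the query language cannot express "contains".
    $xpath   = '*[EventData[Data]]'
    $session = New-Object "$ns.EventLogSession" $ComputerName
    $query   = New-Object "$ns.EventLogQuery" $LogName,
                   ([System.Diagnostics.Eventing.Reader.PathType]::LogName), $xpath
    $query.Session          = $session
    $query.ReverseDirection = $true                 # newest first, same as /rd:true
    $reader = New-Object "$ns.EventLogReader" $query
    try {
        $hits = 0
        while ($hits -lt $MaxHits) {
            $record = $reader.ReadEvent()
            if ($null -eq $record) { break }        # end of log reached
            try {
                # Client side: case-insensitive substring test on every Data value.
                $values  = @($record.Properties | ForEach-Object { [string]$_.Value })
                $matched = $values | Where-Object {
                    $_.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
                }
                if ($matched) {
                    $hits++
                    [pscustomobject]@{
                        TimeCreated = $record.TimeCreated
                        Id          = $record.Id
                        Provider    = $record.ProviderName
                        Data        = $values -join ' | '
                    }
                }
            } finally { $record.Dispose() }
        }
    } finally {
        $reader.Dispose()
        $session.Dispose()
    }
}

Find-EventDataSubstring | Format-List
```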
