
Export events including Event Properties from Windows Event Viewer

http://pario.no/2009/05/13/exporting-events-including-event-properties-f...

Pario TechnoBlob (http://pario.no)


A chronological documentation test project, nothing serious, really!

Export events including Event Properties from Windows Event Viewer


Posted May 13th, 2009 by Hans-Henry Jakobsen (http://pario.no/author/admin/) & filed under Scripting (http://pario.no/category/scripting/), Windows (http://pario.no/category/windows/).
This post came to life after a request to produce an overview of how many prints every user produced on a special printer from our print server. Since we have no print accounting software installed on our Windows 2003 Server, I had to come up with a new solution to this problem. The actual print accounting part will be posted in another post.

The solution I came up with was to enable auditing on printing and then gather information from the System log in the Event Viewer. But first I had to export the necessary data from the Event Viewer, since a normal export using the Export List function (right-clicking a log) would not give me enough detail; in particular, it leaves out the Event Properties.

After some research I found a Windows tool called eventquery.vbs, which is located in the windows/system32 folder on most Windows PCs. It's a script that lists the events and event properties from one or more event logs.

Export log info

These are the switches I used to export Event Viewer events from the System log:

cscript c:\windows\system32\eventquery.vbs /fi "Type eq Information" /fi "Source eq Print" /fi "ID eq 10" /v /l System /fo csv > Event_Viewer_System.csv

The syntax I used filters (/fi) for events whose Type equals Information, whose Source equals Print and whose ID equals 10, asks for verbose (/v) output from the System log (/l System), formats the output as a comma-separated file (/fo csv) and redirects the result to a file (> filename.csv).

More info about the eventquery.vbs tool can be found by following the link under Source.

The result from this export can look something like this:
"Information","10","12.05.2009 13:24:48","Print","Servername","None","AD\username","Document 232, filename.pdf owned by username was printed on printername via port IP_192.168.0.254. Size in bytes: 279232; pages printed: 1"


If you look at the image below you'll understand where I got the filter type info from.


This data now gives me the opportunity to pull out the data I need to create a simple print accounting on my users, and that is posted in the post named Simple Windows Print Accounting using Event Viewer data (http://pario.no/2009/05/15/simple-windows-print-accounting-using-event-viewer-data/).

Source: eventquery.vbs (http://technet.microsoft.com/en-us/library/bb490900.aspx)

This post can also be used to export from any Event Viewer data log like Application, Security, Internet Explorer or other logs you have on your system.
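An added example, not part of the original post: Python that reads rows in the CSV format shown above by column position and totals pages printed per user and printer. The header row and the users alice and bob are assumptions, and the Description pattern is derived only from the one sample line on this page; the document name is user-controlled text, so it is matched greedily to keep a name containing "owned by" from shifting the owner field.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows modelled on the line shown in the post. The header
# row and the users alice/bob are assumptions made for this example.
SAMPLE_CSV = r'''"Type","Event","Date Time","Source","ComputerName","Category","User","Description"
"Information","10","12.05.2009 13:24:48","Print","Servername","None","AD\alice","Document 232, filename.pdf owned by alice was printed on printername via port IP_192.168.0.254. Size in bytes: 279232; pages printed: 1"
"Information","10","12.05.2009 13:30:02","Print","Servername","None","AD\bob","Document 233, minutes, owned by board.doc owned by bob was printed on printername via port IP_192.168.0.254. Size in bytes: 1000; pages printed: 3"
"Information","10","12.05.2009 14:01:10","Print","Servername","None","AD\alice","Document 234, notes.txt owned by alice was printed on printername via port IP_192.168.0.254. Size in bytes: 2048; pages printed: 2"
'''

# Greedy (?P<doc>.*) binds to the LAST " owned by ", i.e. the one the event text adds.
DESC_RE = re.compile(
    r"^Document (?P<job>\d+), (?P<doc>.*) owned by (?P<owner>\S+) "
    r"was printed on (?P<printer>.+) via port (?P<port>\S+)\.\s+"
    r"Size in bytes: (?P<size>\d+); pages printed: (?P<pages>\d+)\s*$",
    re.DOTALL,
)

def parse_print_events(text):
    """Return (jobs, skipped) for event ID 10 rows from source Print."""
    jobs, skipped = [], 0
    for row in csv.reader(io.StringIO(text)):
        # Columns by position: type, id, time, source, computer, category, user, description
        if len(row) != 8 or row[1] != "10" or row[3] != "Print":
            skipped += 1  # header, blank or unrelated row
            continue
        m = DESC_RE.match(row[7])
        if m is None:
            skipped += 1  # description not in the expected form; review by hand
            continue
        jobs.append({"when": row[2], "user": row[6], "doc": m["doc"],
                     "printer": m["printer"], "pages": int(m["pages"]),
                     "bytes": int(m["size"])})
    return jobs, skipped

def pages_per_user(jobs):
    """Total pages keyed by (User column, printer name)."""
    totals = Counter()
    for job in jobs:
        totals[(job["user"], job["printer"])] += job["pages"]
    return dict(totals)

if __name__ == "__main__":
    parsed, ignored = parse_print_events(SAMPLE_CSV)
    print(pages_per_user(parsed), "rows skipped:", ignored)
```

Totals are keyed on the User column rather than the owner name inside the Description, since the column is a separate field and not free text.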
