#166843 - 2006-09-08 07:29 PM
Re: Deleting Events from the .EVT file
|
Witto
MM club member
Registered: 2004-09-29
Posts: 1828
Loc: Belgium
|
I think Astaa said my script failed most probably because the file he has is in UNICODE format. Does anyone know about a UNICODE to ANSI converter? I think there is WiToAnsi.vbs in Windows® Server 2003 R2 Platform SDK Full Download.
|
#166844 - 2006-09-08 08:03 PM
Re: Deleting Events from the .EVT file
|
Lonkero
KiX Master Guru
Registered: 2001-06-05
Posts: 22346
Loc: OK
|
just shell out:
Code:
shell "%comspec% /c type theFile.txt > theFileInANSI.txt"
|
#166845 - 2006-09-08 09:40 PM
Re: Deleting Events from the .EVT file
|
Witto
MM club member
Registered: 2004-09-29
Posts: 1828
Loc: Belgium
|
Whaaw, simple as that? Astaa...???
Code:
If NOT @LOGONMODE
    Break ON
EndIf
Dim $SO
$SO = SetOption("Explicit","On")
$SO = SetOption("NoMacrosInStrings","On")
$SO = SetOption("NoVarsInStrings","On")
$SO = SetOption("WrapAtEOL","On")

Dim $InputFile, $OutputFile, $Handle1, $Handle2, $Line
$InputFile = "file1.txt"
$OutputFile = "file2.txt"

;Open first file for read, if fails, end code
$Handle1 = FreeFileHandle()
If Open($Handle1,$InputFile,2) = 0
    ;Open second file for write, if fails, close first file, end code
    $Handle2 = FreeFileHandle()
    If Open($Handle2,$OutputFile,5) = 0
        ;Read line after line until error code indicates there are no lines anymore
        $Line = ReadLine($Handle1)
        While @ERROR = 0
            ;If NOT event 560 occurred, write line to second file
            If NOT Split($Line,",")[5] = "560"
                $SO = WriteLine($Handle2,$Line + Chr(13) + Chr(10))
            EndIf
            $Line = ReadLine($Handle1)
        Loop
        ;Close files
        $SO = Close($Handle1)
        $SO = Close($Handle2)
    Else
        $SO = Close($Handle1)
        ? "Error opening File2"
        ? "Error " + @ERROR + ": " + @SERROR
    EndIf
Else
    ? "Error opening File1"
    ? "Error " + @ERROR + ": " + @SERROR
EndIf
|
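The same filter as an added example in Python (not code from any poster in this thread): it detects a Unicode export by its byte-order mark before parsing, handles quoted commas and short lines, and builds a filtered ANSI copy while leaving the source untouched. Field index 5 and event ID 560 come from the post above; the function names, the cp1252 fallback and the sample rows are assumptions constructed for illustration.

```python
import codecs
import csv
import io

# Byte-order marks an export may start with, and the codec that consumes each.
_BOMS = [
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
]

def decode_export(raw: bytes, ansi_codec: str = "cp1252") -> str:
    """Decode an exported log: honour a BOM, otherwise treat the bytes as ANSI."""
    for bom, codec in _BOMS:
        if raw.startswith(bom):
            return raw.decode(codec)
    return raw.decode(ansi_codec)  # assumption: Western-European ANSI code page

def filter_events(raw: bytes, drop_ids, id_field: int = 5):
    """Return (kept_rows, dropped_count); rows too short to carry an ID are kept."""
    drop = {str(i) for i in drop_ids}
    kept, dropped = [], 0
    for row in csv.reader(io.StringIO(decode_export(raw), newline="")):
        if len(row) > id_field and row[id_field].strip() in drop:
            dropped += 1
        else:
            kept.append(row)
    return kept, dropped

def to_ansi_csv(rows, ansi_codec: str = "cp1252") -> bytes:
    """Serialise rows as CRLF-terminated CSV in the ANSI code page."""
    buf = io.StringIO(newline="")
    csv.writer(buf, lineterminator="\r\n").writerows(rows)
    return buf.getvalue().encode(ansi_codec, errors="replace")

# Constructed sample rows; the column order is an assumption, only index 5 is from the post.
SAMPLE = (
    "8/9/2006,10:01:00,Security,Success Audit,Logon/Logoff,528,DOM\\alice,SRV1\r\n"
    "8/9/2006,10:01:02,Security,Failure Audit,Object Access,560,DOM\\alice,SRV1\r\n"
    "8/9/2006,10:02:00,Security,Success Audit,System Event,517,SYSTEM,SRV1\r\n"
    "truncated,line\r\n"
)

if __name__ == "__main__":
    unicode_export = codecs.BOM_UTF16_LE + SAMPLE.encode("utf-16-le")
    rows, dropped = filter_events(unicode_export, {560})
    print(dropped, "row(s) dropped;", len(rows), "kept")
    print(to_ansi_csv(rows).decode("cp1252"), end="")
```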
#166846 - 2006-09-09 05:59 PM
Re: Deleting Events from the .EVT file
|
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
|
Thanks to everybody for their help.
Unfortunately, I will have to do the entire process manually. Exported info from Event Viewer does not contain the description section, which means I have to check each & every event row for the description. There is some respite however. Open the evt file in the event viewer - set a FILTER in the properties tab - it will take some time to display the result!
|
#166847 - 2006-09-11 06:22 PM
Re: Deleting Events from the .EVT file
|
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
|
Hey Guys, I have got some breakthrough.... if this works then the entire process can be automated.
There is an eventquery.vbs script in the Windows\System32 folder which can be used for capturing specific event related information. I was able to retrieve event info on my computer, i.e. from my local eventviewer.
Here is the code written in a batch file... (sorry, I could not complete it in KiXtart)
CD %~dp0
cscript eventquery.vbs /v /FI "Id eq 517" /FO CSV /l Security > 517.csv
cscript eventquery.vbs /v /FI "Id eq 528" /FO CSV /l Security > 528.csv
The following code prints to the screen:
Code:
SHELL 'cscript eventquery.vbs /v /FI "Id eq 517" /FO CSV /l Security'
In the event viewer there is a provision for adding an EVT file as well. eventquery also takes a USER DEFINED LOG as an input... (I'm really happy about this...) so I created this registry value:
HKLM\System\CurrentControlSet\Services\EventLog\\File with type REG_SZ and with the value
After doing this, I could see an entry in Event Viewer along with Application, System & Security. But unfortunately the following command still doesn't work:
cscript eventquery.vbs /l . If this works then any STANDALONE EVT file can be queried directly. Has anybody tried the above ???
|
#166848 - 2006-09-11 06:47 PM
Re: Deleting Events from the .EVT file
|
Lonkero
KiX Master Guru
Registered: 2001-06-05
Posts: 22346
Loc: OK
|
how about: http://www.sysinternals.com/Utilities/PsLogList.html
it can dump the contents of a previously saved file... has filter/exclude switches etc...
|
#166849 - 2006-09-11 07:03 PM
Re: Deleting Events from the .EVT file
|
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
|
Dear Joel, it does not read EVT files; secondly, my stupid company won't allow a freeware because of the audit....
|
#166852 - 2006-09-11 08:22 PM
Re: Deleting Events from the .EVT file
|
Lonkero
KiX Master Guru
Registered: 2001-06-05
Posts: 22346
Loc: OK
|
k, that's better excuse
|