#166802 - 2006-09-04 02:40 PM
Deleting Events from the .EVT file
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
Hi, I'm back with a query. From KiXtart, is it possible to delete an event from the event file (.evt)? If yes, please let me know how.
#166803 - 2006-09-04 02:59 PM
Re: Deleting Events from the .EVT file
Björn
Korg Regular
Registered: 2005-12-07
Posts: 953
Loc: Stockholm, Sweden.
Is it this you're looking for? Code:
ClearEventLog( )
Action: Clears up a Windows NT eventlog.
Syntax: CLEAREVENTLOG ("eventlog")
Parameter: Eventlog - String indicating the eventlog to clear. By default, Windows NT supports three eventlogs: "Application", "Security" and "System". Optionally, the string can include the name of a remote system on which to clear the log.
Returns: 0 Eventlog cleared; >0 Errorcode
See Also: BackupEventLog( ), LogEvent( )
Examples:
$rc=ClearEventLog("Application")
$rc=ClearEventLog("\\PDC\Application")
$rc=ClearEventLog("System")
Edited by Björn (2006-09-04 03:00 PM)
#166804 - 2006-09-04 03:27 PM
Re: Deleting Events from the .EVT file
Les
KiX Master
Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Quote:
is it possible to delete an event
He's talking about a single event, not the entire log.
#166805 - 2006-09-04 03:28 PM
Re: Deleting Events from the .EVT file
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
This deletes the entire event log, which I don't want; I actually want to delete only some specific Event IDs.
#166808 - 2006-09-04 05:37 PM
Re: Deleting Events from the .EVT file
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
I'm currently entrusted with the responsibility of checking the SECURITY event log for any malicious activity. For example, Event ID 560 comes under the Failure Security log, but it is an utterly useless thing. The EVT file for one day has a size of around 500 MB. Imagine my plight; so I want to automate this process.
#166813 - 2006-09-04 11:19 PM
Re: Deleting Events from the .EVT file
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11624
Loc: CA
Account Lockout and Management Tools http://www.microsoft.com/downloads/detai...;displaylang=en
Includes EventCombMT.exe, which gathers specific events from the event logs of several different machines into one central location.
#166815 - 2006-09-06 05:41 PM
Re: Deleting Events from the .EVT file
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
Quote:
Maybe you can convince the person exporting the event log to a file to export it to CSV (tab or comma delimited). The event logs can easily be exported like this because it is a built-in option when saving the event log to a file.
Converting to a CSV file is not an issue. Actually the person was providing me with the CSV file, but the CSV file didn't contain the entire data. My EVT file contains more than 10 million rows, which is not possible to save as a CSV file. I tried to use the FILTER facility available with the event viewer, but it does not provide the NOT facility; i.e. I can't check what the other events are apart from event ID 560.
I have also checked the link, it is the same one mentioned earlier.
#166820 - 2006-09-06 07:22 PM
Re: Deleting Events from the .EVT file
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
Today is my bad day. Tried copying the contents to another file... but I'm getting a weird error: "Error (317 / 13D) while retrieving error information for FFFFFFFC". The sole link in Google help points to some discussion in which Joel is involved.
#166821 - 2006-09-06 07:42 PM
Re: Deleting Events from the .EVT file
AstaaLavista
Starting to like KiXtart
Registered: 2005-08-11
Posts: 111
Loc: Gujarat, India.
Following is the code (File1.txt exists!). Code:
BREAK ON
DEBUG ON

$InputFile = "file1.txt"
$OutputFile = "file2.txt"
$counter = 0

$Handle1 = FreeFileHandle()
$Handle2 = FreeFileHandle()

; Mode 5 = write, create the file if it does not exist
If Open($Handle2, $OutputFile, 5) = 0
    ? "Counter value: " + $counter
Else
    Beep
EndIf

; Mode 2 = read
If Open($Handle1, $InputFile, 2) = 0
    $x = ReadLine($Handle1)
    While @ERROR = 0
        $counter = $counter + 1
        ? "Line read: [" + $x + "]"
        ; copy only lines that contain the string "1102"
        $y = InStr($x, "1102")
        If $y <> 0      ; KiXtart's not-equal operator is <>, not !=
            $z = WriteLine($Handle2, $x)
        EndIf
        $x = ReadLine($Handle1)
    Loop
    ? $counter
    ? @SERROR
    $rc = Close($Handle1)
Else
    ? @SERROR
    Beep
EndIf

$rc = Close($Handle2)
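An added example, not code from this thread: a Python filter that does what the Event Viewer filter in the post above cannot, dropping every row whose Event ID is in an exclusion list such as {560} while reading the CSV export line by line. It takes the ID from its own column instead of substring-matching the whole line as the InStr("1102") check in the script above does, so an ID such as 5600 is not mistaken for 560. The column order and the sample rows are assumptions constructed for the example.

```python
import csv
import io
from typing import Iterable, Iterator

# Constructed sample rows in the column order assumed for a Windows 2000/2003
# Event Viewer CSV export: Date,Time,Source,Type,Category,Event,User,Computer
SAMPLE_CSV = """\
9/4/2006,2:40:11 PM,Security,Failure Audit,Object Access,560,DOMAIN\\alice,SRV01
9/4/2006,2:40:12 PM,Security,Success Audit,Logon/Logoff,528,DOMAIN\\bob,SRV01
9/4/2006,2:40:13 PM,Security,Failure Audit,Object Access,560,DOMAIN\\alice,SRV01
9/4/2006,2:40:14 PM,Security,Success Audit,System Event,1102,SYSTEM,SRV01
9/4/2006,2:40:15 PM,Security,Success Audit,Account Management,5600,DOMAIN\\admin,SRV01
"""

EVENT_ID_COLUMN = 5  # zero-based index of the "Event" column in the assumed layout


def filter_events(lines: Iterable[str], exclude_ids: set[int],
                  id_column: int = EVENT_ID_COLUMN) -> Iterator[list[str]]:
    """Yield CSV rows whose Event ID is NOT in exclude_ids.

    The ID is parsed from its own column, so a row with ID 5600 is not
    treated as event 560 the way a substring search over the line would.
    """
    for row in csv.reader(lines):
        if len(row) <= id_column:
            continue  # truncated or malformed row: skip instead of crashing
        try:
            event_id = int(row[id_column])
        except ValueError:
            continue  # header line or non-numeric ID field
        if event_id not in exclude_ids:
            yield row


def remaining_ids(text: str, exclude_ids: set[int]) -> list[int]:
    """Event IDs that survive the exclusion filter, in file order."""
    return [int(r[EVENT_ID_COLUMN])
            for r in filter_events(io.StringIO(text), exclude_ids)]


if __name__ == "__main__":
    # Streaming: a real multi-hundred-MB export is read row by row,
    # never loaded into memory as a whole. Replace io.StringIO with open(path).
    for row in filter_events(io.StringIO(SAMPLE_CSV), {560}):
        print(",".join(row))
```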