Search Multiple Event Logs across Multiple Servers – EventCombMT.exe

Found this neat little tool from the peeps at Microsoft, available for download as part of the Account Lockout and Management Tools – https://www.microsoft.com/en-gb/download/details.aspx?id=18465. The tool allows you to search for specific details (Event IDs, Sources etc) across multiple event logs over multiple servers at lightning spends.

It’s pretty simple to use and the following example searches for servers affected with the Event 1069 Issue.

Once downloaded run EventCombMT.exe

Click Options, Set Output Directory – C:\Temp\Event1069

Click Options, Select Only Get One Matching Event – this speeds up the search process as typically 1 event means there is an issue.

Click Options, Set Date Range, specify a suitable period as this also speeds up the search process.

Domain will auto populate with a logged in domain user, if not just add the domain FQDN.

—-
All other options should match above screenshot

Right Click the Highlighted Section above and Select Get Servers From File

Select C:\Temp\Event1069\Servers.txt (easier to have a text file with the full list for hundreds of servers)

Click Searches > Save This Search > 1069 – This will save the search for future use.

Click Search

Click Yes on the Left message

Once complete, open folder C:\Temp\Event1069 and see if any files have been generated.

Simples

Christopher Tracy

December 18, 2024
Stadia has recently graduated from the AWS Accelerated Development Program 
November 14, 2024
Proud Sponsors of Chelmsford City FC
Share by: