Found this neat little tool from the peeps at Microsoft, available for download as part of the Account Lockout and Management Tools – https://www.microsoft.com/en-gb/download/details.aspx?id=18465. The tool allows you to search for specific details (Event IDs, Sources etc) across multiple event logs over multiple servers at lightning spends.
It’s pretty simple to use and the following example searches for servers affected with the Event 1069 Issue.
Once downloaded run EventCombMT.exe
Click Options, Set Output Directory – C:\Temp\Event1069
Click Options, Select Only Get One Matching Event – this speeds up the search process as typically 1 event means there is an issue.
Click Options, Set Date Range, specify a suitable period as this also speeds up the search process.
Domain will auto populate with a logged in domain user, if not just add the domain FQDN.
—-
All other options should match above screenshot
Right Click the Highlighted Section above and Select Get Servers From File
Select C:\Temp\Event1069\Servers.txt (easier to have a text file with the full list for hundreds of servers)
Click Searches > Save This Search > 1069 – This will save the search for future use.
Click Search
Click Yes on the Left message
Once complete, open folder C:\Temp\Event1069 and see if any files have been generated.
Simples
Christopher Tracy
The post Search Multiple Event Logs across Multiple Servers – EventCombMT.exe appeared first on SCG - Stadia Consulting Group.
Stadia Consulting Group
8 Prykes Drive, Chelmsford, Essex CM1 1TP
All Rights Reserved | Stadia Consulting Group Ltd