The full command looks like this:

for /f "tokens=1,2 delims=," %1 in (c:\servers.txt) do @logparser -i:EVT "SELECT TimeGenerated,EventID,EventType, EventTypeName,EventCategory,EventCategoryName,SourceName, Strings,ComputerName,SID,Message FROM \\%1\%2 WHERE TimeGenerated > TO_TIMESTAMP(SUB(TO_INT(SYSTEM_TIMESTAMP()),86400)) AND EventType IN (1;2) ORDER

Fixing "Event Viewer cannot open the event log" When Viewing System Logs

As any geek knows, one of the first things

Re: event log corrupted (alonstar, Jan 20, 2010 11:19 AM): Thanks for your reply, the reference is helpful.

error opening event log Security on machine...

So I got a surprise when I first tried to do this on Longhorn:

Logparser -i:EVT "select * from application.evt"
Task aborted.
Cannot open : Error opening event log "\\?\D:\customer\Application.evt": The event log

I want to query the Setup log, not application, system, security.

Cannot open : Error opening event log "\\?\D:\logfile.evt": The event log file is corrupted.

March 5, 2011 MoVBNet: Just an FYI, the event log service is called Windows Event Log

March 18, 2011 Braskeees: what were you using 9 USB's for?

One way to encourage your customers to provide data in a readable format would be to give them a more automated solution for data gathering.

All I am getting is that and Task Scheduler service is not available.

The remaining options suppress other output (-q:ON) and suppress statistics (-stats:OFF).

Created by Anand Khanse.

1) I took ownership of the log files and gave myself full control.
2) I stopped the event log service.
3) I renamed the log files.
4) I restarted the event log service.

If it still does not help, run the System File Checker and go through its logs.

Does it work if you export them to .evtx?

Because I need to query around 100 servers the hacks I've found are less than ideal. Specifying the input as EVT gives a file in use error. Wevtutil to convert the whole file before query is inefficient and not practical to do this remotely against many machines.

First, we have the ever-useful for /f trick, which here is pulling two parameters from a file called c:\servers.txt.

answered Dec 14 '11 at 18:11 the-wabbit

I am reading the output.

You can place these commands in a CMD/BAT file and then schedule that using the AT command, task scheduler or other scheduling tool.

April 29, 2011 Ducoci: Nice and simple!

March 18, 2011 Braskeees: ps great site

April 13, 2011 Andy: I followed your steps to save and clear the event logs but after saving get the following error message: Event

This will usually "reset" the log so that future events will be viewable.

Doug Stewart -MSFT says: June 24, 2010 at 4:42 am Unfortunately I don't think there is a way to convert EVTX to any other format if you do not

Microsoft has a KB article about it being corrupt but I've found the F5 refresh key often will allow it to open correctly. The workaround is to convert the log file...a good blog post on it is here:

Windows Event Log Service Not Starting or Running

For some unknown reason if you find you are having difficulty starting the following, it is quite possible that one of the reasons could

That ability, combined with some SQL query syntax and command-line tricks, will give us an automated method for retrieving warning and error events from a user-defined list of servers and event

Found the article on event viewer wecutil ( however unsure how to debug.

Now that I've cleared the log, you can see that I'm able to view the events in the System log again.

Extra Note: The problem I was encountering ended up

Regards, Mark Busuttil, GFI Software Ltd

PS C:\> .\LogParser.exe "SELECT TOP 3 Message, TimeWritten, SourceName FROM \\NOBODY\System"
Message TimeWritten SourceName
Service stopped. 2011-11-28 06:03:16 Virtual Disk Service
–Craig620 Dec 14 '11 at 18:32

The following error occurred: Overlapped I/O operation is in progress.

LogParser, Event Logs, and Vista

neilcar, August 15, 2007

LogParser is one of my absolute favorite tools, particularly for doing incident response.

Is there a scenario where this would be useful for you?

December 18, 2008 Ola: But what if you can't even get Event Log service to start?

The data is invalid (13)"… but the error only happened when trying to open the System log, while the Application log was working just fine, and restarting Event Log or rebooting

Query is being made from a 2008 R2 machine, where another post said Logparser would support EVTX files.

October 27, 2009 Fred: o.k.

The service exposes functions that allow programs to maintain and manage the event logs and perform operations on the logs, such as archiving and clearing.

Since the log format changed from evt to evtx, logparser fails (vista and above).

There is an event viewer log in the list called "ForwardedEvents" but I get an error when I click on it: "Unable to complete the operation on "ForwardedEvents" The security descriptor

PS C:\> .\LogParser.exe /i:evt "SELECT * FROM \\NOBODY\Setup"
Error: Error retrieving files: Error searching for files in folder \\NOBODY\Setup: The network name cannot be found.

Open Registry Editor and navigate to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog Double-click ObjectName and ensure that its value is set at NT AUTHORITY\LocalService.

Marked as answer by Dom Edwards, Wednesday, March 09, 2011 9:02 AM

Hi, You may perform the following troubleshooting suggestions: 1.

One of the things I use LogParser for is extracting the information I need from my customers' event logs which are often quite large and usually from Windows Server 2003.

