I agree with Michael's response based on usefulness, but depending on your scripting ability, you can do something like this in Powershell or VB. This sounds very similar to a custom report for an SMTP connector I wrote a while back; it looks for a single instance (user sending/receiving) and then tabulates data for that user. I imagine the same logic would apply to what you are trying to do with event logs.
Basically you create a custom object that includes all the information you want along with an index number attribute and for each item you process you search the custom object list and return the index if it exists or null if it doesn't. Then you either add the data to the existing object at the returned index or create a new object. Good luck, I am curious if you are using this simply for audits or for actual routine log analysis. -troy -----Original Message----- From: MarvinC [mailto:[email protected]] Sent: Friday, March 06, 2009 6:45 AM To: NT System Admin Issues Subject: Locating and listing event IDs Anyone have a script or method for listing event IDs? With any server you're gonna have a slew of events well what I want to do is list the single instance of each event. So lets say I have 400 warning for event ID: 9646, several for event ID: 333, 50 for event ID: 1023. Well I would want to grab the following: Type Date Time Source Category Event User Computer Error 1/1/2009 12:00 Crypt32 None 8 N/A Server1 Error 2/1/2008 1:00 EXCDO General 8199 N/A Server2 So instead of seeing multiple instances of the alerts I only see the single instance. Any responses appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
