I tend to rely on SCOM to point me at issues occurring in the event logs...don't have to parse them manually any moer
2009/3/6 MarvinC <[email protected]> > Correct but my goal is to compile a list of events across a particular set > of servers to help in establishing a "pattern" for recurring issues. So say > I have a cluster of servers that are experiencing high CPU issues and I need > to know what event ID's were common on those servers. This gives me > something I can compare side by side and keeps me from having to scan > through each server's log. > > > > On Fri, Mar 6, 2009 at 9:54 AM, Michael B. Smith < > [email protected]> wrote: > >> Logparser and “select unique”. Or something of the same nature. >> >> >> >> I aggregate my logs, but I do so differently…looking at a single instance >> doesn’t necessary tell you of the severity of a situation. >> >> >> >> *From:* MarvinC [mailto:[email protected]] >> *Sent:* Friday, March 06, 2009 9:45 AM >> *To:* NT System Admin Issues >> *Subject:* Locating and listing event IDs >> >> >> >> Anyone have a script or method for listing event IDs? With any server >> you're gonna have a slew of events well what I want to do is list the single >> instance of each event. So lets say I have 400 warning for event ID: 9646, >> several for event ID: 333, 50 for event ID: 1023. Well I would want to grab >> the following: >> >> >> >> Type Date Time Source Category Event >> User Computer >> Error 1/1/2009 12:00 Crypt32 None 8 >> N/A Server1 >> >> Error 2/1/2008 1:00 EXCDO General 8199 >> N/A Server2 >> >> >> >> So instead of seeing multiple instances of the alerts I only see the >> single instance. >> >> >> >> Any responses appreciated. >> >> >> >> >> >> >> >> >> >> >> > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
