Event Log Explorer blog

Case study – A new way to get regular reports about the problems.

Several years ago, I wrote an article about generating weekly reports about network issues. The main drawback of that method was the requirement to have Event Log Explorer running all the time (or at least running by the time when the scheduled task should be started).  Since that time, we released new versions and editions of Event Log Explorer and now we can get the same result in a smarter way.

Let’s take the same task – getting reports about non-informational events in Application and System logs from different servers. 

First, you need to install Event Log Explorer Enterprise Edition since Logexport utility is not available in Standard Edition.

After running Event Log Explorer, we should create a task which collects all non-informational events for the last 7 days. We can make this task from scratch, but we have template for this task (Admin events).

In the Objects tree browse for Task templates->Administrative and double click on Admin events.

Create task from template window will appear.

You can change the task name and task folder, but I will leave the default values.

Click Next and on Computer tab add your servers to the list

I will add only 2 servers, you can add any number of them.

You can optionally click Test connectivity button to check if the servers are accessible.

Click Next to proceed to the Logs page. Application and System logs are already in the list, but you can add extra logs. Click Next to proceed to the Filter page.

I will not change the filter setting taken from template, but you can modify them as you wish (e.g. change time interval to 1 day or exclude Waring events).

Click Next to review the column settings and then click Next again for the last step.

Now you should export your task into a file.

Consider that you have C:\Tasks folder for the task and exported documents, click Save button to save your task as “C:\Tasks\Admin Events.xml”.

Click Finish button – this will also create the task in the Objects tree.

Doubleclick on the task in the tree to review the events.

Open Command Prompt (or Windows Power Shell) and export task events to Excel

Type

"C:\Program Files (x86)\Event Log Explorer\logexport.exe" /TASK:"C:\Task\Admin Events.xml" /TARGET:EXCEL /TDIR:"C:\Tasks"

Open the Excel document in C:\Tasks folder and make sure that it’s correct.

Now we can schedule the task.

E.g. to start it every Monday at 7:00 AM type this command:

SCHTASKS /Create /TN "Event Log Explorer Tasks\TaskAdminEvents_Export"  /TR "'C:\Program Files (x86)\Event Log Explorer\logexport.exe' /FORMAT:Excel /Task:'C:\Tasks\Admin Events.xml' /TDir:'C:\Tasks'" /SC Weekly /D Mon /ST 08:00 /RU Michael /RP *********

That’s it, the task is scheduled to 8:00 every Monday. You can use Windows Task Scheduler to modify or verify the task.

It is important to specify the username and password using /RU and /RP parameters since the task should be started even if no user logged on your OC. Alternatively you can start the task under System account, but provide the credentials as command-line parameters for logexport.exe. In this case you can use the following command to create the task:

SCHTASKS /Create /TN "Event Log Explorer Tasks\TaskAdminEvents_Export"  /TR "'C:\Program Files (x86)\Event Log Explorer\logexport.exe' /FORMAT:Excel /Task:'C:\Tasks\Admin Events.xml' /TDir:'C:\Tasks' /User:FSPro\Michael /Password:**********" /SC Weekly /D Mon /ST 08:00 /RU System

Note that since you scheduled the task to start under the System account, you should run this command elevated (start Command Prompt or PowerShell as Admin).

Now you can run the task e.g. using Task Scheduler to make sure that it works correctly.

Download Event Log Explorer right now to build scheduled reports about problems in your network!

Exit mobile version