MS Access for the Business Environment: Analyze and Report from the Windows Event Log, Part I - Page 3
March 1, 2004
The Event Log Query Tool
The Microsoft Windows 2000 Server Resource Kit is the official home for the Event Log Query tool, otherwise known as Elogdmp.exe ("Elogdmp"). Elogdmp requires a bit of practice to make it fit the needs of some, but it readily fills our immediate objective: exporting the data to a dump file we can easily import into MS Access. With the investment of a little development time, a macro / script can be assembled to call the tool for regularly scheduled exports of the logs to meet the needs of the organization.
Elogdmp is a command-line tool that sends its output, the contents of the Event Log, to the screen or to a file. The logs of a remote or local computer, whose identity is designated in the utility's syntax (see the next section for details), can be "dumped" using the tool to a location specified in the syntax. Searching the output data is easy, as it is generated as a comma-delimited text file, a fact that also makes it readily importable into other applications.
The data that appears in the Elogdmp file includes the information depicted in Table 1.
Table 1: Event Log Information
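To show what working with the comma-delimited dump looks like before it ever reaches Access, here is an added example (not from the article or the Resource Kit) that parses a constructed dump and summarizes it. The column layout in the sample is an assumption modelled on Event Viewer's columns, since the real layout is the one listed in Table 1.

```python
import csv
import io
from collections import Counter

# Constructed sample of an Elogdmp-style comma-delimited dump.
# The column order is an assumption (not taken from the article);
# the real tool's layout is the one described in Table 1.
SAMPLE_DUMP = """Type,Date,Time,Source,Category,EventID,User,Computer,Description
Error,3/1/2004,08:15:02,Service Control Manager,None,7000,N/A,SRV01,"The Alerter service failed to start, error 1068"
Warning,3/1/2004,08:16:10,W32Time,None,36,N/A,SRV01,"Time provider NtpClient, unreachable"
Information,3/1/2004,08:20:44,eventlog,None,6005,N/A,SRV01,The Event log service was started.
Error,3/1/2004,09:02:31,Service Control Manager,None,7000,N/A,SRV02,"The Spooler service failed to start, error 2"
"""


def parse_dump(text):
    """Parse a comma-delimited dump into a list of dict rows.

    The csv module handles the quoted Description field, which may
    itself contain commas; a naive str.split(',') would shift columns."""
    return list(csv.DictReader(io.StringIO(text)))


def summarize(rows):
    """Count events by (Type, Source): the first view an administrator
    wants before deciding what to import and report on in Access."""
    return Counter((r["Type"], r["Source"]) for r in rows)


def events_by_id(rows, event_id):
    """Return every row carrying the given Event ID, across all computers."""
    return [r for r in rows if r["EventID"] == str(event_id)]


if __name__ == "__main__":
    rows = parse_dump(SAMPLE_DUMP)
    for (etype, source), n in summarize(rows).most_common():
        print(f"{n:3d}  {etype:<12} {source}")
    for r in events_by_id(rows, 7000):
        print(r["Computer"], r["Description"])
```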
For those of us using it for the first time, Elogdmp.exe can be found in a couple of places, depending upon whether you installed the Windows 2000 Resource Kit, or if you simply have the CD and do not wish to install the full kit on the computer. In the former case, the file can be located on the hard drive of the computer upon which the Resource Kit was installed (the search facility can be used, obviously, if you do not recall the location), in the location chosen at installation time. An example is partially shown in Illustration 2.
Elogdmp.exe can also be extracted from a file on the Windows 2000 Resource Kit, called compmgmt.cab, depicted in Illustration 3.
We can easily access our target in this compressed file via the more recent versions of WinZip. Once the contents of the .cab file are exposed, as partially depicted in Illustration 4, we can extract the file to any destination we choose.
While any user on the network can use Elogdmp to view the contents of the Application log on any remote computer on the network (assuming basic access, etc., privileges), membership within the Domain Administrators / Administrators group on the computer is required to take advantage of opportunities to use Elogdmp as a remote administration tool to view the contents of a remote computer's System or Security