Search Multiple Event Logs across Multiple Servers - EventCombMT.exe

Found this neat little tool from the peeps at Microsoft, available for download as part of the Account Lockout and Management Tools - https://www.microsoft.com/en-gb/download/details.aspx?id=18465. The tool allows you to search for specific details (Event IDs, Sources etc) across multiple event logs over multiple servers at lightning spends.

It’s pretty simple to use and the following example searches for servers affected with the Event 1069 Issue.

Once downloaded run EventCombMT.exe

Click Options, Set Output Directory – C:\Temp\Event1069

Click Options, Select Only Get One Matching Event – this speeds up the search process as typically 1 event means there is an issue.

Click Options, Set Date Range, specify a suitable period as this also speeds up the search process.

Domain will auto populate with a logged in domain user, if not just add the domain FQDN.

All other options should match above screenshot

Right Click the Highlighted Section above and Select Get Servers From File

Select C:\Temp\Event1069\Servers.txt (easier to have a text file with the full list for hundreds of servers)

Click Searches > Save This Search > 1069 - This will save the search for future use.

Click Search

Click Yes on the Left message

Once complete, open folder C:\Temp\Event1069 and see if any files have been generated.

Simples

Christopher Tracy

#EventLogs #TerminalServices

Search Multiple Event Logs across Multiple Servers - EventCombMT.exe

Featured Posts

Event 1069 - TerminalServices-RemoteConnectionManager

Task Manager Lite

AppSense AM - How to Disable an exe via Computer AD Group Membership (PowerShell Scripted Rule)

PowerShell Script to get Current User SID

Double Hop Drive Mappings

Shadow Key 2012 – Update for Windows Server x64 / 64bit