Using Log Parser 2.2
NETLOGON errors may be important, so let's key in on those and display the event IDs for these events plus the date and time they were generated (sorted in descending order):
logparser "SELECT TimeGenerated,EventID FROM System WHERE EventTypeName='Error event' AND SourceName='NETLOGON' ORDER BY TimeGenerated DESC" -i:EVT
The output now looks like this:
TimeGenerated       EventID
------------------- -------
2005-06-18 16:44:00 5719
2005-06-18 16:39:19 5719
2005-05-19 08:12:33 5719
What's the description for an event that has event ID 5719? Let's use Log Parser to find out:
logparser "SELECT EventID,Message FROM System WHERE EventID=5719" -i:EVT
This gives us:
5719 No Domain Controller is available for domain MTIT due to the following: There are currently no logon servers available to service the logon request. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
Uh-oh, could be a problem. Was the network down? Did the domain controller go offline? We need to investigate this further, but if you want a good source of help for understanding events like this, search EventID.net for information on events with this event ID.
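As a first step in that investigation, the sketch below (an added example, not part of the original article) groups the 5719 timestamps into bursts, so a sustained loss of contact with the domain controller stands out from an isolated failure. It assumes the first query was re-run with -o:CSV added; the sample rows are constructed from the output shown above, and the 15-minute gap is an arbitrary choice.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: the three rows shown above, in the form this example
# assumes Log Parser writes them when -o:CSV is added to the first query.
SAMPLE_CSV = """TimeGenerated,EventID
2005-06-18 16:44:00,5719
2005-06-18 16:39:19,5719
2005-05-19 08:12:33,5719
"""

def cluster_events(csv_text, event_id=5719, max_gap=timedelta(minutes=15)):
    """Group matching events into bursts separated by more than max_gap."""
    times = sorted(
        datetime.strptime(row["TimeGenerated"], "%Y-%m-%d %H:%M:%S")
        for row in csv.DictReader(io.StringIO(csv_text))
        if int(row["EventID"]) == event_id
    )
    bursts = []
    for t in times:
        if bursts and t - bursts[-1][-1] <= max_gap:
            bursts[-1].append(t)   # close to the previous event: same burst
        else:
            bursts.append([t])     # gap too large: start a new burst
    return [{"start": b[0], "end": b[-1], "count": len(b)} for b in bursts]

def summarize(bursts):
    """One line per burst; single events are flagged as isolated."""
    lines = []
    for b in bursts:
        kind = "isolated" if b["count"] == 1 else "repeated"
        lines.append(
            f'{b["start"]} -> {b["end"]}  {b["count"]} event(s), {kind}'
        )
    return lines

if __name__ == "__main__":
    for line in summarize(cluster_events(SAMPLE_CSV)):
        print(line)
```

Repeated failures inside one burst are the ones worth comparing against network or domain controller downtime for the same window.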
This brief look at Log Parser only scratches the surface of what it can do. How can you learn how to do more with this tool?
Next, check out this Professor Windows article on Microsoft's web site, which gives you an excellent bird's-eye view of what Log Parser can do.
After that, you can familiarize yourself with the syntax of Log Parser by typing logparser -h and viewing the Help information displayed.
Once you've started to rock and roll with Log Parser, check out The Unofficial Log Parser Support Site, where you can find tons of resources and a thriving online community that can answer any questions you might have about using the tool.
Finally, pick up a copy of the Microsoft Log Parser Toolkit (Syngress) and kick your learning into high gear. You'll soon be an expert and wonder how you ever managed your Windows systems before Log Parser came around.