If you aren't quite sure what event you're looking for, you can select the Get All Events With Above Criteria check box to prompt EventCombMT to download the entire event log. You'll notice that selecting this check box disables the Event IDs, Source, Text, and Scan Back options.
You can control the number of concurrent threads dedicated to a search by using the Threads slider. The default is 25 threads. You can change that number before or during a search. For example, if you find that a search is too heavily taxing your system, you can decrease the number of dedicated threads during the search. Doing so won't kill any running threads; it only prevents additional threads from starting until the usage drops below your new limit.
By default, EventCombMT outputs search results to a comma-delimited text file in the C:\temp directory. You can change the output directory by selecting the Set Output Directory option on the File menu. If you're running multiple searches and need to keep the output separate, you can take advantage of this feature and use separate directories for the searches.
Now that you know about EventCombMT's options, let's look at an example of how to use it. Suppose you want to look for user allenj's logon events for the past month on computer AllenJ1. Select that computer, then select the Security log to view the list of users logging on to that computer. In the Event Type section, select all the check boxes, as Figure 1 shows.
Next, make sure that the Get All Events With Above Criteria check box is clear. Then, in the Event IDs text box, enter 528 (for computers running NT 4.0) or 540 (for DCs running Win2K or later) to search for successful logons. In the Text text box, enter allenj. Enter 30 in the Scan Back text box, and select the Days option.
Now you're ready to kick off the search. After you've double-checked your entries, click Search. You'll see a lot of activity both on the right side of the EventCombMT dialog box and in the Status field. If you want to know more about what's going on in these areas, see the online Help documentation.
After the search is complete, the utility automatically opens the output directory in Windows Explorer, so you can quickly see the results. EventCombMT outputs each computer's event log to a separate .txt file. If separate files are a problem, you can redirect the output to one file after you've finished running EventCombMT. At the command line, enter a command such as
type source-text.txt >> destination.txt
where source-text.txt is the EventCombMT output file whose output you want to append to the new output file destination.txt. You need to run this command for each EventCombMT output file that you want to add to destination.txt.
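The per-file append described above can be automated. The following PowerShell script is an added example, not part of the original article or of EventCombMT. It assumes the default C:\temp output directory and a hypothetical C:\temp\merged\destination.txt target, and it prefixes each line with its source file name so you can still tell which per-computer file an event came from.

```powershell
# Added example, not from the article. C:\temp is the article's default
# output directory; the merged\destination.txt target is a hypothetical path.
$SourceDir   = 'C:\temp'
$Destination = 'C:\temp\merged\destination.txt'

# Create the target directory if it is missing.
$destDir = Split-Path -Path $Destination -Parent
if (-not (Test-Path -Path $destDir)) {
    New-Item -ItemType Directory -Path $destDir | Out-Null
}

# Start from an empty file so a rerun does not append the same events twice.
New-Item -ItemType File -Path $Destination -Force | Out-Null

# Resolve the destination once so it can be excluded from the input set.
# Without this check, a destination placed inside $SourceDir would be
# merged into itself.
$destFull = (Resolve-Path -Path $Destination).Path

Get-ChildItem -Path $SourceDir -Filter '*.txt' -File |
    Where-Object { $_.FullName -ne $destFull } |
    Sort-Object -Property Name |
    ForEach-Object {
        $source = $_.Name
        # Prefix every non-empty line with the file it came from, because
        # EventCombMT writes one output file per computer.
        Get-Content -Path $_.FullName |
            Where-Object { $_.Trim() -ne '' } |
            ForEach-Object { "$source,$_" } |
            Add-Content -Path $Destination
    }
```

If you ran several searches into separate output directories, run the script once per directory with a different $Destination to keep the results apart.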