How to dump an eventlog, a source or a category
Shared options
You can dump the object only
You can select one of three formats for the output file by choosing the suffix of the file, and set several options in the options sheet windows:
You can choose the format of the date:
If you erase the eventlog, a dump since the last dump is of no use and could be empty even though the log is not empty.
Import file into Microsoft Access
If you import the text file into Access, you must import the date as a real number but configure the data type as a date.
Dump of the eventlog, sources and categories
You can dump a single event number (by giving its number; you can find some examples of interesting events) from the entire eventlog or since the last dump, or one or several types of event such as Error, Warning, Information, Success Audit or Failure Audit.
If you want all types of events, choose All Types rather than checking all the buttons; the dump will be quicker.
If you choose the long format, you can have each piece of information in a separate field and not in a sentence as the event viewer does. For example, you can easily have the size and the number of printed pages by users.
The data are formatted to be included in Office applications such as Microsoft Excel or Microsoft Access, so line feeds are removed to give one line per event (but an event with a lot of data, such as a Dr Watson event, can span several lines because of the maximum size of a line in a file). If you want to import the file into an Office application, don't forget to choose the OLE format for the date.
Dump file content
You can add a title line in your output file with the usual format. The software can't guess the number and the content of each field in the long format.
To obtain the description of the event, you must choose the message option. When you dump a remote computer, the description is decoded with the remote message files; if that fails, it is decoded with the local files and the indicator local is added to the message. In this case, the message is decoded only if the software or the service is installed locally.
If you choose data hex and/or data ASCII, the event can span several lines because of the maximum size of a line in a file.
In the data ASCII output, only the printable characters are printed.
Event number; event type; name server; date and time (OLE format for MS Office applications or readable format); user name; domain;
Short format plus information about the event.
To identify this information, you can compare it with the eventlog. The information is given in the same order.
Dump of the user sessions, failure sessions, RAS sessions or print jobs.
Dump file content
This format only contains the fields:
All the fields of the event.
You can choose with this format the fields that interest you and modify the title of each column.
To choose the fields, you must click on the Customize button.
To modify a title, you must select it and then modify the string in the Title control. Don't forget to click on the Modify button to validate the modification.
Dump file content
The sessions list is built from the 528 and 540 events for the beginning of a session and the 538 event for its end, in the security log, security source, logon/logoff category.
The sessions list is built from the failure audit type events of the security log, security source, logon/logoff category.
The sessions list is built from the 20050 event of the system log, RemoteAccess source.
Under Windows 2000, this event seems not to be generated. I need your eventlog to implement the new events. Please send me your eventlog.
The sessions list is built from the 10 event of the system log, Print source.
In the unregistered version, a line is added at the end of the file.
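The session pairing described above can be reproduced from a short-format dump with OLE dates. The following Python sketch is an added example, not code from the software: the field order is assumed from the short-format list above, the sample lines are constructed, and because that format carries no logon identifier, each 538 event is paired with the oldest open 528/540 event of the same account.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

OLE_EPOCH = datetime(1899, 12, 30)   # day 0 of an OLE Automation date
LOGON_IDS, LOGOFF_ID = {528, 540}, 538

# Constructed sample, assuming the short-format field order listed above:
# event number;event type;server;OLE date;user;domain;
SAMPLE = """\
528;Success Audit;ISABELLE;37000.25;Administrateur;ISABELLE;
540;Success Audit;ISABELLE;37000.5;guest;ISABELLE;
538;Success Audit;ISABELLE;37000.75;Administrateur;ISABELLE;
538;Success Audit;ISABELLE;37000.8;backup;ISABELLE;
constructed trailing line standing in for the unregistered-version notice
"""

def ole_to_datetime(value):
    """Convert an OLE date (days since 1899-12-30, fraction = time of day)."""
    return OLE_EPOCH + timedelta(days=float(value))

def parse_short(text):
    """Yield (event_id, when, (domain, user)); skip lines that are not events."""
    for line in text.splitlines():
        fields = line.split(";")
        try:
            event = int(fields[0]), ole_to_datetime(fields[3]), (fields[5], fields[4])
        except (ValueError, IndexError):
            continue  # title line, wrapped data, or the trailing notice
        yield event

def build_sessions(text):
    """Pair each 538 with the oldest open 528/540 of the same account."""
    open_logons = defaultdict(deque)
    sessions, orphans = [], []
    for event_id, when, account in sorted(parse_short(text), key=lambda e: e[1]):
        if event_id in LOGON_IDS:
            open_logons[account].append(when)
        elif event_id == LOGOFF_ID:
            if open_logons[account]:
                sessions.append((account, open_logons[account].popleft(), when))
            else:
                orphans.append((account, when))  # logon missing, e.g. log erased
    still_open = {a: list(q) for a, q in open_logons.items() if q}
    return sessions, orphans, still_open

if __name__ == "__main__":
    for account, start, end in build_sessions(SAMPLE)[0]:
        print("\\".join(account), start, end, end - start)
```

Logoffs without a matching logon and logons that never close are returned separately, since both are expected when the log was erased or the dump covers only part of it.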
Dump sample in txt format for the print source with message
18:36:12;ISABELLE\Administrateur;print;ISABELLE;;Le document 3, Enveloppes
étranger possédé par Administrateur a été
imprimé sur HP LaserJet 4L via le port LPT1:. Taille en octets :
36124 ; pages imprimées : 2 ;
Dump sample in html format for the print source with message and long format