Working With Psloglist To Query The Eventlogs

Psloglist is a very powerfull and good tool to drill down multiple eventlogs and getting just the data you want. Im my case there was something like NetIQ for monitoring but it was slow in notifying the operator and because of this I wrote a little batchfile so that it showed me the events 6008 from all member servers so that I could read them in Excel. This way we could track if there were unexpected shutdowns throughout the enterprise.

This is the little code that I used:

psloglist @serverlist.txt -i 6008 -a 03/28/09 -b 12/31/09 -s -t ,system > event6008.txt

Ofcourse you can also grab security events like 861:

PsLoglist @serverlist.txt -i 861 -s -t , Security > EventListing.txt

Serverlist could be made with a dsquery out of active directory See this Dsquery

