JSI Tip 8639. The Event Comb tool can rapidly search multiple computers for individual, multiple, or a range of Event IDs, event Source, event Text, and date range.

Eventcombmt.exe is a multi-threaded tool that can gather specific events from the event logs on multiple computers at the same time. The tool also includes some preconfigured searches, like account lockout, which includes Events 529, 644, 675, 676, and 681.

You can search by:

- Individual, multiple, or a range of Event IDs
- Event Source
- Event Text
- Date Range

The tools includes the following features:

 - Multi-threaded for FAST performance. - Searches up to 100 different servers at the same time. - Provides multiple methods of adding servers to a search (a text file, browse list, Active Directory). - Select from preconfigured searches. - Searches through saved event logs. - Auto-detects the type of saved log file. - Save the search results to a text file, Access database, or SQL database. - Gather events that have occurred since your last search. - Capture statistics about event frequency. - Save and load your searches. - Save text files as .txt or .csv files. - Search Event logs from oldest to newest or newest to oldest. - Resolve IP Addresses to hostnames for Event 675 errors. - Find the largest length of time between events in a log. - Decodes Event 1000 flags. - Run searches from the command line.  - Scheduled searches. - Search for the last time your servers restarted. - Tracks account lockout issues. - Provides information to help troubleshoot issues with the FRS (File Replication Service). - Collect events to a central location.

NOTE: Eventcombmt.exe is available for download from the Windows Server 2003 Resource Kit, but it will run on Windows 2000 also.