I'm looking for an advanced Event Viewer log file query tool, preferably one that supports an SQL-like query language. Do you know of any such tools?
Microsoft Log Parser 2.0 is a command-line tool that lets you use SQL-like queries to extract information from a wide range of file formats. Log Parser supports file formats such as Microsoft IIS log files, ODBC-compliant databases, and Windows event-log files. Log Parser also lets you output query results to XML-formatted files. You can download the tool for free from http://www.microsoft.com/windows2000/downloads/tools/logparser/default.asp.
Unfortunately, you can't install Log Parser on the Windows NT 4.0 platform; the installation program runs on only Windows 2000 or later platforms (the tool relies on DLLs that are available only in Win2K and later systems). However, you can install the tool on a Win2K Server or Win2K Professional (or later) platform and run it remotely against an NT 4.0 machine. Or you can export the NT 4.0 machine's log files (using the *.evt format), copy them to a Win2K platform, and analyze them locally. Following are some simple Log Parser query examples that show how to connect to a remote system and analyze a log file that's stored on the local file system.
Logparser "SELECT Message FROM \\MyServer\Security"
This command returns all event-log messages that are currently in the Security event log on a machine called MyServer. If NetBIOS name resolution isn't available, you can use the remote machine's IP address. The Log Parser command returns all event-log messages that are stored in the backup.evt event-log file in D:\MyLogs.
Logparser "SELECT Message FROM D:\MyLogs\backup.evt"
More complex Log Parser SQL query examples are available in the tool's documentation (logparser.doc).
