Windows Event run Rev app ?

MisterX b.xavier at internet.lu
Fri Aug 12 22:32:00 EDT 2005 

Michael

shellcity.com has what you need

there's an evtdump also on sysinternals or the restoolkit.

psloglist.exe from sysinternals does a good job with plenty of options

you call it using the shell command.

Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p
password]]] [-s [-t delimiter]] [-m #|-n #|-d #|
-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy] [-f filter] [-i ID,[ID,...]]
| -e ID,[ID,...]] [-o event source[,event so
urce[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file]
<event log>
  
     @file     Psloglist will execute the command on each of the computers
               listed in the file.
     -a        Dump records timestamped after specified date.
     -b        Dump records timestamped before specified date.
     -c        Clear event log after displaying.
     -d        Only display records from previous n days.
     -e        Exclude events with the specified ID or IDs (up to 10).
     -f        Filter event types, using starting letter
               (e.g. "-f we" to filter warnings and errors).
     -g        Export an event log as an evt file. The can only be used
               with the -c switch (clear log).
     -h        Only display records from previous n hours.
     -i        Show only events with the specified ID or IDs (up to 10).
     -l        Dump the contents of the specified saved event log file.
     -m        Only display records from previous n minutes.
     -n        Only display n most recent records.
     -o        Show only records from the specified event source or sources
               (e.g. "-o cdrom").
     -p        Specifies password for user name.
     -q        Omit records from the specified event source or sources
               (e.g. "-q cdrom").
     -r        Dump log from least recent to most recent.
     -s        Records are listed on one line each with delimited
               fields, which is convenient for string searches.
     -t        The default delimiter for the -s option is a comma,
               but can be overriden with the specified character. Use "\t"
               to specify tab.
     -u        Specifies optional user name for login to
               remote computer.
     -w        Wait for new events, dumping them as they generate (local
system
               only.)
     -x        Dump extended data.
     eventlog  Specifies event log to dump. Default is system. If the
               -l switch is present then the event log name specifies
               how to interpret the event log file.

cheers
Xavier

> -----Original Message-----
> From: use-revolution-bounces at lists.runrev.com 
> [mailto:use-revolution-bounces at lists.runrev.com] On Behalf Of Mike
> Sent: Saturday, August 13, 2005 01:13
> To: How to use Revolution
> Subject: Re: Windows Event run Rev app ?
> 
> Xavier
> Your right, system event is best for what I'm looking to find 
> id's, to watch for cable connects/disconnects, wireless speed 
> connects/disconnects. I see the .evt file is in use and to 
> spit it out to a usable format has got me, any idea on that one ?
> Michael
> ----- Original Message -----
> From: <xbury.cs at clearstream.com>
> To: "How to use Revolution" <use-revolution at lists.runrev.com>
> Sent: Friday, August 12, 2005 8:07 AM
> Subject: Re: Windows Event run Rev app ?
> 
> 
> > Hi Michael
> >
> > I thought about that after writing the mail however and 
> just like snmp
> > traps (used for monitoring as well),
> > these are not geared for events like changes in the 
> registry and the user
> > events... Only hardware or
> > system states and application events.
> >
> > The security login can tell some access events but since 
> there's no way to
> > query just one event, you
> > have to import more events each time (or dump the events 
> and loose the
> > event log each time).
> >
> > cheers
> > ---------------------=---------------------
> > Xavier Bury
> >
> >
> > use-revolution-bounces at lists.runrev.com wrote on 12/08/2005 
> 13:38:57:
> >
> > > Xavier
> > > about watching for events, capturing the event viewer log 
> then sift
> > through
> > > it for the id ?
> > > Michael
> > > ----- Original Message ----- 
> > > From: "MisterX" <b.xavier at internet.lu>
> > > To: "'How to use Revolution'" <use-revolution at lists.runrev.com>
> > > Sent: Thursday, August 11, 2005 11:30 PM
> > > Subject: RE: Windows Event run Rev app ?
> > >
> > >
> > > > Michael
> > > >
> > > > not that i know other than watching for events via the 
> event viewer
> > > > or writing an vbs monitor to do so... There's also 
> specialized apps
> > > > for this (sysload comes to mind) but there's many others...
> > > >
> > > > cheers
> > > > Xavier
> > > >
> > > > > -----Original Message-----
> > > > > From: use-revolution-bounces at lists.runrev.com
> > > > > [mailto:use-revolution-bounces at lists.runrev.com] On Behalf Of
> > Michael
> > > > > Sent: Friday, August 12, 2005 02:12
> > > > > To: use-revolution at lists.runrev.com
> > > > > Subject: Windows Event run Rev app ?
> > > > >
> > > > > Hello
> > > > > Any one know if there's a function in Rev to detect a 
> Windows event
> > ?
> > > > > detect a error log event or a registry change. What I mean by
> > > > > this is the Windows event executing the rev app ?
> > > > >
> > > > > MichaelD
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > use-revolution mailing list
> > > > > use-revolution at lists.runrev.com
> > > > > Please visit this url to subscribe, unsubscribe and manage
> > > > > your subscription preferences:
> > > > > http://lists.runrev.com/mailman/listinfo/use-revolution
> > > > >
> > > >
> > > > _______________________________________________
> > > > use-revolution mailing list
> > > > use-revolution at lists.runrev.com
> > > > Please visit this url to subscribe, unsubscribe and manage your
> > > subscription preferences:
> > > > http://lists.runrev.com/mailman/listinfo/use-revolution
> > >
> > > _______________________________________________
> > > use-revolution mailing list
> > > use-revolution at lists.runrev.com
> > > Please visit this url to subscribe, unsubscribe and manage your
> > > subscription preferences:
> > > http://lists.runrev.com/mailman/listinfo/use-revolution
> >
> >
> >
> > -----------------------------------------
> > Visit us at http://www.clearstream.com
> >
> > IMPORTANT MESSAGE
> >
> > Internet communications are not secure and therefore Clearstream
> > International does not accept legal responsibility for the 
> contents of
> > this message.
> >
> > The information contained in this e-mail is confidential and may be
> > legally privileged. It is intended solely for the 
> addressee. If you are
> > not the intended recipient, any disclosure, copying, distribution or
> > any action taken or omitted to be taken in reliance on it, is
> > prohibited and may be unlawful. Any views expressed in this 
> e-mail are
> > those of the individual sender, except where the sender specifically
> > states them to be the views of Clearstream International or 
> of any of
> > its affiliates or subsidiaries.
> >
> > END OF DISCLAIMER
> > _______________________________________________
> > use-revolution mailing list
> > use-revolution at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-revolution
> 
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage 
> your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>

More information about the use-livecode mailing list