Technology Blog, by: David Monaghan.

Windows XP Home, Viewing Logs Remotely with MS Log Parser 2.2.

Posted by David on January 4, 2006

I've been seeing a lot of cool tools coming out of the doors over at Microsoft lately; I think they are finally realizing that just because most users don't like the text console, developers and administrators not only love it but need it. I've been hunting the last couple of days for a tool which would let me browse the log files on remote computers which I administrate and/or use, because for some reason the built-in Windows XP event viewer will not browse to remote computers (or if it does, it is slow and won't look at the data, only at the top-level categories). The Windows help for the event viewer has information about a tool I keep running into called eventquery.vbs, but I can't find it on my system, nor can I find a download or source… I finally ran into this Microsoft tool called Log Parser, which will take not only the Windows XP evt files but many other types of logs as well, and will parse them into various forms, using SQL syntax to join tables of information into something more easily parsed like HTML or XML. Need I say any more?

Here's a link to the download page on Microsoft's website: Log Parser 2.2 on Microsoft.com

If you're looking for an eventviewer download, I'm sorry to say I can't find one. I've been looking around and I keep seeing these articles about how great it is, but they seem to miss the fact that XP Home doesn't come with it. If I can ever find a place to get it I will report it, but I'm not holding my breath; my next try will be Microsoft tech support.

Is Log Parser a good replacement? I would think not; it's still a command line tool, but I don't think it works the same. I would have to take a better look at both of them to give a good description of them and to fully compare them, but I think Log Parser is better for generating pretty reports than for basic system administration. I'm using Log Parser to generate reports that I can view from another workstation; it's obviously not the same, but it accomplishes what I set out to do. The biggest problem here is getting an updated report when you need it. I don't really want to take the time to ssh to the machine, but I also don't want to generate a new report every minute. I have the tool running on a schedule of about every half hour or so, but often I want to look at something that just happened, not to mention the fact that the Windows Scheduler (or whatever it's called) seems to work about 95% of the time. Until I find a better solution this will have to work.
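
The scheduled report described above could look like the following batch file. This is an added example, not the script from the original post; the output folder `C:\reports` and the choice of the System and Application logs are assumptions, and `LogParser.exe` is assumed to be on the PATH.

```bat
@echo off
rem Added example: regenerate an XML report of recent errors and warnings
rem from the local event logs, so it can be read from another workstation.
rem Run it from a scheduled task on the machine whose logs you want to see.

rem Assumed output location (for example a folder that is shared or synced).
set "OUT=C:\reports\events.xml"

rem Build the Log Parser query piece by piece to keep the lines readable.
rem EVT input fields used here: TimeGenerated, EventLog, EventTypeName,
rem EventID, SourceName, Message.
set "Q=SELECT TimeGenerated, EventLog, EventTypeName, EventID, SourceName, Message"
set "Q=%Q% INTO %OUT%"

rem Several event logs can be listed in one FROM clause. The Security log
rem can be added as well if the task runs under an administrator account.
set "Q=%Q% FROM System, Application"

rem EventType 1 = Error, 2 = Warning. Log Parser separates IN values with ';'.
set "Q=%Q% WHERE EventType IN (1; 2)"

rem Keep only the last 24 hours: TimeGenerated is local time, SYSTEM_TIMESTAMP()
rem is UTC, and a timestamp of 0000-01-02 represents an interval of one day.
set "Q=%Q% AND TimeGenerated >= SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP('0000-01-02', 'yyyy-MM-dd'))"

rem Newest events first, so "something that just happened" is at the top.
set "Q=%Q% ORDER BY TimeGenerated DESC"

LogParser.exe "%Q%" -i:EVT -o:XML

rem Log Parser returns a non-zero exit code when the query fails; record it
rem next to the report so a stale report is not mistaken for a quiet machine.
if errorlevel 1 echo %DATE% %TIME% report generation failed >> "%OUT%.err"
```

Because each run rewrites the report with a rolling 24-hour window, a missed scheduled run only makes the report older; it does not lose events, and the `.err` file shows when a run failed outright.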


