TechRepublic : A ZDNet Tech Community

Make scanning Windows XP's Event Logs easier with Eventquery.vbs

Tags: Greg Shultz, Eventquery.vbs, Microsoft Windows XP, Microsoft Windows, Windows XP Tips Newsletter


Takeaway: Sifting through the logs in Windows XP's Event Viewer can be a bit of a nightmare due to the sheer volume of entries in any one log file. You can save time by using Eventquery, which provides you with parameters that allow you to narrow your search to a specific event at a certain time in a particular log file.

Windows XP maintains several log files that can be great sources of information when troubleshooting problems. However, sifting through the logs in Event Viewer can be a pain due to the sheer volume of entries in any one log file.

You can save yourself time and effort by learning how to use the Eventquery VBScript program, which is in the \Windows\System32 folder in every installation of Windows XP. Eventquery provides you with a series of parameters that will allow you to instantly narrow your search down to a specific event during a chosen time period in a particular log file.

Keep in mind that Eventquery.vbs runs in the command-line version of Windows Script Host: Cscript.exe. Therefore, in order to run it, you have to open a Command Prompt, change to the Windows\System32 folder, and type:

Cscript Eventquery.vbs {parameters}

For example, if you want to search through the System log for Warning events that occurred since the beginning of the day, you would use a command line like this:

Cscript Eventquery.vbs /l system /fi "Datetime gt mm/dd/yy,12:00:00AM" /fi "Type eq Warning"

where mm/dd/yy is the current date.

You can find a detailed list of parameters for Eventquery.vbs in the Windows XP Help and Support Center or by typing Cscript Eventquery.vbs /? on the command line.
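The batch file below is an added example, not part of the original article: it fills in the current date for the mm/dd/yy placeholder and goes beyond the single query above by sweeping the System and Application logs for Warning and Error events since midnight, saving each result as CSV. It assumes US English regional settings, where %DATE% expands to something like "Thu 07/14/2005"; the output folder name is hypothetical.

```batch
@echo off
rem Added example (not from the original article).
rem Assumption: %DATE% looks like "Thu 07/14/2005" (US English regional settings).
setlocal

rem Build mm/dd/yy from the last ten characters of %DATE%: "07/14/" + "05".
set TODAY=%DATE:~-10,6%%DATE:~-2%

rem Stop if the locale produced something other than mm/dd/yy.
echo %TODAY%| findstr /r "^[0-9][0-9]/[0-9][0-9]/[0-9][0-9]$" >nul
if errorlevel 1 (
  echo Unexpected date format "%DATE%"; adjust the TODAY line for this locale.
  exit /b 1
)

rem Hypothetical output folder for the exported results.
set OUTDIR=%TEMP%\eventquery-today
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem One query per log and event type; /v adds the event description,
rem /fo csv writes comma-separated output that opens in a spreadsheet.
for %%L in (system application) do (
  for %%T in (Warning Error) do (
    cscript //nologo "%SystemRoot%\System32\eventquery.vbs" /l %%L /fi "Datetime gt %TODAY%,12:00:00AM" /fi "Type eq %%T" /v /fo csv > "%OUTDIR%\%%L-%%T.csv"
  )
)

echo Results saved in %OUTDIR%
endlocal
```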


