Starting from version 5.1, Event Log Explorer comes with scripting support (scripting is implemented in the Forensic and Enterprise editions). Scripts help you automate many routine tasks and improve your performance. Scripting lets you open logs, set filters, scan event views, remove specific events from a log view, export events and much more. The scripting language we use in Event Log Explorer is PascalScript (FastScript by FastReports). It is similar to the Pascal language, with some limitations. You can download our scripting reference at Some sample scripts are available in the folder "C:\ProgramData\Event Log Explorer\Scripts\Samples\". In this article we will write a script that merges security event log files located in one folder and displays only Audit Failure events.

First you need to start Event Log Explorer (Forensic or Enterprise edition) 5.2 or higher. From the main menu select Script -> Script Console. Now you can type your script.

Consider that your log files are stored in the C:\LogList folder and the security log file names start with 'Sec', e.g. We have the procedure GetFileList, which returns the list of files matching the specified mask. To run this procedure, we have to create a TStringList object first:

```pascal
var
  FileList: TStringList;
begin
  // create object FileList of TStringList class
  FileList := TStringList.Create;
  // fill FileList with file names from C:\LogList
  // which start with 'sec' and have evtx file extension
  GetFileList('C:\LogList\sec*.evtx', FileList);
  // display the content of FileList in the debug console
  FileList.Free;
end.
```

Since you have a list of logs to merge, you can use the function CreateLogFileMerger to open your files in a merger. This function is a method of the TSApp class. When you start Event Log Explorer, it automatically creates the TheApp object, which is the single instance of the TSApp class (you cannot create TSApp instances manually). You can use TheApp properties and methods to manage the Event Log Explorer application. CreateLogFileMerger creates an event log view containing events from all event log files in the list and returns a new TSLogView object associated with the log view. The first parameter of this function is FileNames of the TStringList class. It is the same list we got from the GetFileList function, but CreateLogFileMerger requires the full paths of the file names. So, we need to add 'C:\LogList\' before every name in the list:

```pascal
// Converting every name to full path name
for i := 0 to FileList.Count-1 do
  FileList[i] := 'C:\LogList\' + FileList[i];
```

Add the Merger declaration:

```pascal
var
  Merger: TSLogView;
```

and the Merger creation before FileList.Free:

```pascal
Merger := TheApp.CreateLogFileMerger(FileList, True);
```

The second parameter of CreateLogFileMerger defines whether the script waits until all the logs are loaded. Since we want to filter the merger, we should wait.
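The steps above assembled into one complete script, added here as an example rather than taken from the article's own listing. It assumes the loop counter `i: Integer` and the `Merger: TSLogView` declaration, and it stops at the loaded merger because the Audit Failure filter announced in the introduction is not covered on this page.

```pascal
// Merge every security .evtx file from C:\LogList into one log view.
// Assembled example: GetFileList, TheApp and CreateLogFileMerger are the
// Event Log Explorer script API named in the article; the rest is glue.
var
  FileList: TStringList;     // file names returned by GetFileList
  Merger: TSLogView;         // log view returned by CreateLogFileMerger
  i: Integer;                // loop counter (assumed declaration)
begin
  FileList := TStringList.Create;
  try
    // names only (no folder), matching the mask sec*.evtx
    GetFileList('C:\LogList\sec*.evtx', FileList);
    // CreateLogFileMerger needs full paths, so prepend the folder
    for i := 0 to FileList.Count - 1 do
      FileList[i] := 'C:\LogList\' + FileList[i];
    // nothing to merge if no file matched the mask
    if FileList.Count > 0 then
      // Wait = True: block until every log is loaded, so that a filter
      // applied afterwards sees all events, not a partially loaded view
      Merger := TheApp.CreateLogFileMerger(FileList, True);
  finally
    // the list is no longer needed once the merger has been created
    FileList.Free;
  end;
end.
```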