Skip to content

Latest commit

 

History

History
41 lines (32 loc) · 2.03 KB

README.md

File metadata and controls

41 lines (32 loc) · 2.03 KB

EventLog Analyzer

This is a utility I wrote a few years ago for automating analysis of Event Log files exported from production machines. The idea was to automate identifying and classifying similar Event Log records to get a quick overview of all the failure types and to focus on and fix the most frequent failure types.

It reads a bunch of Event Log files (*.evt) and automatically groups related Event Log records based on their similarity. Once the analysis is complete, it writes out a CSV each for every group of related events found, and a summary text with a bunch of statistics. You can provide it some filters that tell it to look at only the Event Log records that match a certain criteria.

Warning: It can be quite slow if you're processing a large number of Event Log records.

Hopefully, I'll get around to fixing the performance when I get some time (now that I've reopened the project after over 3 years :D).

Commandline Options:

Pre-filters:: Time: -after -before -at Type: -type :: Error|FailureAudit|Information|SuccessAudit|Warning Message: -startsWith -contains Computer: -computer Source: -source EventId: -eventId

Processing options: -tolerance :: Tolerance threshold for determining similarity of two Event log messages. Defaults to 0. i.e. Maximum accuracy => Least fuzzy => More groups

Output options: Fields in output reports: -include (FieldNames|All) :: FieldNames:= Type|DateTime|Source|Category|EventId|User|Computer|Message Output Folder: -output :: Folder must exist

References

TODO:

  • Improve performance (Parallelize log record comparisons?)
  • Bring back/rewrite the GUI client
  • Refactor/cleanup.