Dump security records and load them into a database for audit purposes.

  • Question

  • Hi everyone!

      Every 15 minutes I dump Windows Server security records using '%SystemRoot%/System32/wevtutil.exe qe Security /c:10000 /rd:true /f:text > file.txt' and load them into a SQL database, but I have one issue: there are often duplicate records in the dump file, records already loaded into the database. Is there a way to use the 'wevtutil.exe' tool to dump security records based on time, like "give me the last hour's records"? Or a way to delete the security records already dumped into a file? In other words, I must not dump what was already dumped once!

    Hope I was clear enough.


    • Moved by Bill_Stewart Tuesday, November 7, 2017 9:38 PM Off-topic
    Monday, September 11, 2017 9:07 PM

All replies

  • This is not a scripting question.  It is a Windows utility program question.

    Start by reading the instructions:

     wevtutil epl -?

    You will use a query to adjust the output.

    Post further questions in the Server forum for your version of Windows Server.


    Monday, September 11, 2017 9:47 PM
  • Okay, wrong forum, sorry!


    Tuesday, September 12, 2017 5:37 PM
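
One way to apply the query the reply points to, as an added example that is not part of the original thread: the first run limits the export to the last hour with an XPath `timediff` filter, and later runs resume from a bookmark saved with `/sbm` and read back with `/bm`, so each event is exported once. The folder `C:\AuditExport` and the file names are assumptions.

```powershell
# Added example: incremental export of the Security log with wevtutil.
# Run elevated; reading the Security log requires it.
$wevtutil = Join-Path $env:SystemRoot 'System32\wevtutil.exe'
$workDir  = 'C:\AuditExport'                                  # hypothetical folder
$bookmark = Join-Path $workDir 'security-bookmark.xml'        # last committed position
$nextBm   = Join-Path $workDir 'security-bookmark.next.xml'   # position from this run
$outFile  = Join-Path $workDir ('security-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))

New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Read oldest-first so the saved bookmark ends on the newest event returned.
# No /c: cap here: a cap combined with newest-first reading is what lets
# consecutive 15-minute dumps overlap.
$wevtArgs = @('qe', 'Security', '/rd:false', '/f:text', "/sbm:$nextBm")

if (Test-Path $bookmark) {
    # Later runs: continue after the event recorded in the bookmark.
    $wevtArgs += "/bm:$bookmark"
} else {
    # First run: only events from the last hour (timediff is in milliseconds).
    $wevtArgs += '/q:*[System[TimeCreated[timediff(@SystemTime) <= 3600000]]]'
}

$lines = & $wevtutil @wevtArgs
if ($LASTEXITCODE -ne 0) {
    Remove-Item $nextBm -ErrorAction SilentlyContinue
    throw "wevtutil failed with exit code $LASTEXITCODE; bookmark left unchanged."
}

if ($lines) {
    # Write the dump first, then commit the new bookmark, so a failed write
    # leads to a re-export on the next run rather than a gap in the audit trail.
    $lines | Set-Content -Path $outFile -Encoding UTF8
    Move-Item -Path $nextBm -Destination $bookmark -Force
    Write-Output "Exported new events to $outFile"
} else {
    # Nothing new: keep the previous bookmark as it is.
    Remove-Item $nextBm -ErrorAction SilentlyContinue
    Write-Output 'No new Security events since the last export.'
}
```

A unique constraint in the database on the computer name plus the event record ID is a useful second guard, since a run that fails between writing the dump and committing the bookmark will export the same events again.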