Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Dump security records and load it into database for audit purpuses. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi everyone!

      Every 15 minutes I dump Windows Server security records using '%SystemRoot%/System32/wevtutil.exe qe Security /c:10000 /rd:true /f:text > file.txt' and load it into a SQL database, but I have one issue; often are duplicate records in the dump file, records already loaded into the database. Is there a way to use 'wevtutil.exe' tool to dump security records based on time, like "give to me the last one hour records"? Or a way to delete the security records already dumped into a file? In other words, I must not dump what was already dumped once!

    Hope I was clear enough.

    Doria

    • Moved by Bill_Stewart Tuesday, November 7, 2017 9:38 PM Off-topic
    Monday, September 11, 2017 9:07 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    This is not a scripting question.  It isa Windows utility program question.

    Start by reading the instructions:

     wevtutil epl -?

    You will use a query to adjust the output.

    Post further questions in the Server forum for your version of Windows Server.

    \_(ツ)_/

    Monday, September 11, 2017 9:47 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Okay, wrong forum, sorry!

    Doria

    Tuesday, September 12, 2017 5:37 PM