EventLog Search: A Utility App for Searching Windows Event Logs

On a number of occasions in the past few weeks, I’ve found myself wishing there was an easy way to search a machine’s event log for events that matched a string in the description.   I’ve primarily wanted such a utility while troubleshooting SCOM management packs, where I wanted to be able to filter for events with the management pack name in the description, from the Health Service Modules source, and an event ID between 21000-22000. While the native Windows EventLog provides filtering capabilities, you can’t enter a filter for the event message/description or search on a range of event IDs.   I believe there are third-party tools that let you do this, but it seemed pretty easy to whip up a Windows Forms application to provide this search functionality.   I was able to put something together in pretty short order, and it can be downloaded here.  The only requirement should be for .NET version 2, and it doesn’t have to be installed to run.   I haven’t taken the time to implement much error-handling or any documentation, but it seems to fit the bill pretty well and it should be pretty self-explanatory.

The main search window:

The event details window (double-click a row in the Data Grid View to open):

Recursively Listing Security Group Members with PowerShell

It seems like a favorite request of auditors is one for lists of all members of a set of local or domain groups that are associated with a resource that is being audited, and these requests typically stipulate that all members of nested groups must be listed as well (i.e. full recursion).  I used to use a VBS script to perform this functionality, but I’ve recently rewritten it in PowerShell.  The script accepts a group name (either local or domain) as well as a recursion depth as command line arguments and outputs a list of all group members to a text file.

The method used to retrieve the group members is:

 $Group= [ADSI]”WinNT://$GroupName,group”
 $Members = @($Group.psbase.Invoke(“Members”))

With that, it’s just a matter of configuring a function that accepts a group name as an input parameter, outputs the members, and loops through the member groups until the defined recursion depth is reached.

The script can be downloaded here.  And the output looks like:

The script could be easily modified to accept a text file with a list of group or server names as in input, or modified to output the results in HTML instead of plain text.

Getting Started

Firstly, the name. The Microsoft Operations Framework (http://technet.microsoft.com/en-us/library/cc539262.aspx) defines the Operating Quadrant as including “IT operating standards, processes, and procedures that are regularly applied to service solutions to achieve and maintain service levels within predetermined parameters.” The Service Management Functions included within the Operating Quadrant are:

System Administration
Security Administration
Directory Services
Network Administration
Service Monitoring and Control
Storage Management
Job Scheduling

 For many of us IT professionals, this is the world we live in. The purpose of this site is serve as a repository for helpful articles and discussions on detailed real-world solutions for improving the network and system environments that we support.