Thanx

A quick search of the reskit uncovered this...

quote:

---

dumpel.exe

This command-line utility can be used to dump an event log into a tab-separated text file. It can also be used to apply a filter to find or exclude certain event types. You can use this utility to dump the event log of both local and remote systems.

To dump the system event log on server \\Eventsvr to a file Event.out:

dumpel -s eventsvr -l system -f event.out

To dump the local system event log, including only rdr events 2013:

dumpel -l system -m rdr -e 2013

To dump the local application log, and include all events except ones from the garbase source:

dumpel -l application -m garbase -r

---

Luck

Shawn.

[This message has been edited by Shawn (edited 16 January 2001).]

dumpel.exe is a tool that comes with the NT Resource kit.

Now this raises a question that I don't know the answer to.

I got my copy of the Resource kit through my subscription to "MS Technet Plus". Is this the only way to get a copy of the resource kit? Or can you DL the resource kit from some hidden corner, behind the 3rd link on the left, on page number 2, knock twice, and the password of the day is "bubba", on the MS site?

Bryce

Funny you should mention that - I was just chatting with our on-site MS consultant (yup - we have one - full time) and I posed this question to him (because I'm brain-washed) and this is what he said...

The NT4 reskit was not free because it came with the MSDN subscription (don't know if that's true or not).

The Win2K reskit is totally free.

Does that make sense to anyone ?

Does this mean that the NT4 reskit is now free ?

Anyone ?

Shawn.

Free Windows 2000 Resource Kit Tools for Administrative Tasks

Shawn.

Ask your consultant again!

I found this text at the end of the download pages for the free tools:

Buy the Resource Kits

Windows 2000 Server Resource Kit
Windows 2000 Professional Resource Kit

So still not free?

Erik

ps. When you buy software today it only seems that you get the basics. If you want it to do what you expected it to when you bought it, you have to buy something more.
I have two more examples in our backup software and firewall software

[This message has been edited by kholm (edited 16 January 2001).]

Doing a search, I found that a "subset" of the kit is now free...

Windows NT 4.0 Resource Kit Support Tools

[I haven't downloaded this yet - don't know what's in it]

Shawn.

Well - if you haven't already download it ( I just did) - dumpel.exe is included in the free Windows NT Resource Kix Support Tools ...

Kix on - my brother !

Shawn.

You get a small about of the full thing, a subset as Spawn put it.

Then, when/if you buy the full product, you get a nice shiney CD with it all on

On the other hand, if you have access to the Microsoft Select Option, you can get hold of the full thing for free - apparently.!

Mike

As far as I know, it was originally ONLY a book. Then something appeared on MS Web, and now many of its utilities are freely downloadable. KIXTART itself was always included with it. It's also included in the MS Technet subscription.

Returning to the question, do not forget the BACKUPEVENTLOG() function of Kixtart (since the 3.61 version). The file obtained could be easily scanned with readline to look for specific data. But, from my point of view :
1. it's easier (and quicker) to place some code in the login script of the users.
2. do not rely too much on logout events on the Event Viewer. Users like a lot to switch off the power instead then logging out ...