This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Event ID Report
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-04-2015 05:39 PM
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.IPAddress,
tsysOS.OSname,
tblAssets.SP,
tblNtlog.Eventcode,
Case tblNtlog.Eventtype When 1 Then 'Error' When 2 Then 'Warning'
When 3 Then 'Information' When 4 Then 'Success Audit'
When 5 Then 'Failure Audit' End As Eventtype,
tblNtlogFile.Logfile,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename,
tblNtlogUser.Loguser,
tblNtlog.TimeGenerated
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Where tblNtlog.Eventcode = '64' And tblNtlogSource.Sourcename Like
'%Microsoft-Windows-CertificateServicesClient-AutoEnrollment%' And
tblNtlog.TimeGenerated > GetDate() - 7
Order By tblNtlog.TimeGenerated Desc
This is what I have from a previous post here on the forums. I changed the ID and source name but nothing is pulling. Am I running this report properly? Was hoping to pull event id 64 if found in the last 7 days on a server. Thanks in advance for the help.
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.IPAddress,
tsysOS.OSname,
tblAssets.SP,
tblNtlog.Eventcode,
Case tblNtlog.Eventtype When 1 Then 'Error' When 2 Then 'Warning'
When 3 Then 'Information' When 4 Then 'Success Audit'
When 5 Then 'Failure Audit' End As Eventtype,
tblNtlogFile.Logfile,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename,
tblNtlogUser.Loguser,
tblNtlog.TimeGenerated
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Where tblNtlog.Eventcode = '64' And tblNtlogSource.Sourcename Like
'%Microsoft-Windows-CertificateServicesClient-AutoEnrollment%' And
tblNtlog.TimeGenerated > GetDate() - 7
Order By tblNtlog.TimeGenerated Desc
This is what I have from a previous post here on the forums. I changed the ID and source name but nothing is pulling. Am I running this report properly? Was hoping to pull event id 64 if found in the last 7 days on a server. Thanks in advance for the help.
Solved! Go to Solution.
Labels:
- Labels:
-
Report Center
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-08-2015 04:03 PM
If you would like to list all event log entries, just remove the filters which you find in the SQL code under the Where clause (or in the report editor in the Criteria column). The following report lists all event log entries from Windows server machines (Domainrole > 1). Please note that you might need to enable Warning and Information log scanning under Configuration\Server options, section Eventlog Scanning, and that this will cause a larger load on your database.
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.IPAddress,
tsysOS.OSname,
tblAssets.SP,
tblNtlog.Eventcode,
Case tblNtlog.Eventtype When 1 Then 'Error' When 2 Then 'Warning'
When 3 Then 'Information' When 4 Then 'Success Audit'
When 5 Then 'Failure Audit' End As Eventtype,
tblNtlogFile.Logfile,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename,
tblNtlogUser.Loguser,
tblNtlog.TimeGenerated
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Left Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Left Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Left Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Left Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Where tblNtlog.TimeGenerated > GetDate() - 7 And tblComputersystem.Domainrole >
1
Order By tblNtlog.TimeGenerated Desc
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-08-2015 04:03 PM
If you would like to list all event log entries, just remove the filters which you find in the SQL code under the Where clause (or in the report editor in the Criteria column). The following report lists all event log entries from Windows server machines (Domainrole > 1). Please note that you might need to enable Warning and Information log scanning under Configuration\Server options, section Eventlog Scanning, and that this will cause a larger load on your database.
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.IPAddress,
tsysOS.OSname,
tblAssets.SP,
tblNtlog.Eventcode,
Case tblNtlog.Eventtype When 1 Then 'Error' When 2 Then 'Warning'
When 3 Then 'Information' When 4 Then 'Success Audit'
When 5 Then 'Failure Audit' End As Eventtype,
tblNtlogFile.Logfile,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename,
tblNtlogUser.Loguser,
tblNtlog.TimeGenerated
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Left Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Left Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Left Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Left Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Where tblNtlog.TimeGenerated > GetDate() - 7 And tblComputersystem.Domainrole >
1
Order By tblNtlog.TimeGenerated Desc
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-07-2015 09:08 PM
Hey Dan,
I pulled out the tblNtlogSource.Sourcename and stuff is now pulling. My question is, is there a template that you have that pulls all Event Logs? Should this one be pulling all the server logs? ie. System, Application, etc.
Thanks for your help thus far!
I pulled out the tblNtlogSource.Sourcename and stuff is now pulling. My question is, is there a template that you have that pulls all Event Logs? Should this one be pulling all the server logs? ie. System, Application, etc.
Thanks for your help thus far!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-05-2015 03:19 PM
tblNTlog.Eventcode is a number. If you remove the quotes and just search for 64, you might receive more results. In the Database Dictionary you can see the data type of each column. This is relevant if you are using filters on your reports.
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.IPAddress,
tsysOS.OSname,
tblAssets.SP,
tblNtlog.Eventcode,
Case tblNtlog.Eventtype When 1 Then 'Error' When 2 Then 'Warning'
When 3 Then 'Information' When 4 Then 'Success Audit'
When 5 Then 'Failure Audit' End As Eventtype,
tblNtlogFile.Logfile,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename,
tblNtlogUser.Loguser,
tblNtlog.TimeGenerated
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Left Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Left Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Left Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Where tblNtlog.Eventcode = 64 And
tblNtlogSource.Sourcename Like
'%Microsoft-Windows-CertificateServicesClient-AutoEnrollment%' And
tblNtlog.TimeGenerated > GetDate() - 7
Order By tblNtlog.TimeGenerated Desc
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
