
One Needle, Many Haystacks

Don Jones of Redmond Magazine writes about easing your event log viewing chores

Minimize the laborious task of searching for specific events with Event Comb.

Configuring auditing on your Windows servers is a great idea: You’ll catch events for successful logons, account lockouts, file access and more. What’s a bad idea is trying to use the captured events! Browsing through servers’ event logs is perhaps the most tedious task in the administrative universe, even with the minor help provided by the Event Viewer’s filtering capability.

Haystack Accelerator

The Windows Server 2003 Resource Kit includes a tool called Event Comb, which has actually been around for a while (it’ll run on Win2000, too). It basically lets you search for specified events across multiple computers. The tool is multi-threaded, so it’s a quick performer, and it includes handy preconfigured searches for events like account lockout (which is actually indicated by about six different events). Search results can be saved as text files, or an Access database, or even logged to a SQL Server database….
