locked
Logparser with KMS logs RRS feed

  • Question

  • User-1174586655 posted

     Hello..

     I would like to generate reports off of a KMS server.   More specifically I would like to query a remote kms server {logs for the server} and output the log results to an html page every hour or so.  I have figured out how to query the application/security logs on a remote server but I have not been able to get to the kms logs.   Any example queries would be greatly appreciated :)   Thanks.

     

    Monday, September 14, 2009 7:13 PM

All replies

  • User-1174586655 posted

     Ok...so I just came across this script... {http://www.cc.puv.fi/~kan/soccm/kms2page.txt}   It is almost exactly what I want to do...the only problem I see is it does not return all of the machine results...     it returns some of the results...but not all.  Thoughts?

     

     

    <------------------- BEGIN KMS.BAT ------------------------------>

    @echo off
    rem kms service
    logparser "SELECT TO_UPPERCASE(EXTRACT_TOKEN(EXTRACT_TOKEN(Strings,2,','),0,'.')) as cn, MAX(EXTRACT_TOKEN(Strings,4,',')) as date INTO 'c:\inetpub\wwwroot\your_path_here\your_page_here.html' FROM '\\your_KMSserver_here\Key Management Service' WHERE EXTRACT_TOKEN(Strings,6,',') LIKE '1' GROUP BY cn ORDER by cn ASC" -i:EVT -o:TPL -tpl:kms.tpl

    <---------------------- END KMS.BAT -------------------------------->
    <---------------------- BEGIN KMS.TPL ------------------------------>

    <LPHEADER>
    <html>
    <head><title>KMS - activated machines</title></head>
    <body>
    <table border=1 cellspacing=0 cellpadding=0>
    <tr><th colspan=2>Date since last reactivation</th></tr>
    </LPHEADER>
    <LPBODY><tr><td>%cn%</td><td>%date%</td></tr></LPBODY>
    <LPFOOTER>

    </table>
    <P><SCRIPT type="text/javascript">document.write("Date: " + document.lastModified)</SCRIPT></p>
    </body>
    </html>
    </LPFOOTER>

    <----------------------- END KMS.TPL ----------------------------------->

     

    Monday, September 14, 2009 7:35 PM
  • User-1174586655 posted

     {Example KMS Log from server}

     

    Date: 9/1/2009

    Source:  KmsRequests

    Time: 1:09:08 PM

    Category: None

    Type: Information

    Event ID: 12290

    User: N/A

    Computer: KMSServerNameHere

     

    An activation request has been processed.
    Info:
    0x0,25,machinenamehere,3534kjdcass-a4k3-54a6-9c32-f9a53dba8e9e,2009/9/1 17:9,1,2,45200,b92s3480-b9d5-2342-9b12-32ak32f5152

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    Monday, September 14, 2009 7:51 PM
  • User-1946329593 posted

     I imagine by now you have figured this out, but in case not, and in case it's helpful for anyone else, the logparser query you posted looks like this:

    SELECT TO_UPPERCASE(EXTRACT_TOKEN(EXTRACT_TOKEN(Strings,2,','),0,'.')) as cn, MAX(EXTRACT_TOKEN(Strings,4,',')) as date INTO 'c:\inetpub\wwwroot\your_path_here\your_page_here.html' FROM '\\your_KMSserver_here\Key Management Service' WHERE EXTRACT_TOKEN(Strings,6,',') LIKE '1' GROUP BY cn ORDER by cn ASC

    ...just ditch the "where" portion to get all the systems:

    SELECT TO_UPPERCASE(EXTRACT_TOKEN(EXTRACT_TOKEN(Strings,2,','),0,'.')) as cn, MAX(EXTRACT_TOKEN(Strings,4,',')) as date INTO 'c:\inetpub\wwwroot\your_path_here\your_page_here.html' FROM '\\your_KMSserver_here\Key Management Service' GROUP BY cn ORDER by cn ASC 
    

     

    Monday, October 19, 2009 9:51 AM