Windows 2008 - DUMPEL

  • Question

  • We use dumpel to dump out the various security event logs into a text file on our Windows 2003 servers.

    We are supporting our first Windows 2008 server and we are unable to get DUMPEL to dump out the event codes we need. I understand that the event codes changed in Windows Vista/2008.

    Is DUMPEL supported on the Windows 2008 operating system?

    I am trying to dump out various codes such as 4741, 4742, 4743.

    I am not sure why it is not working. I'm using the same script except I updated it to change the event code. Syntax is the same.  
     Example of Syntax:   dumpel -l security -m security -e 4741, 4742, 4733 -d 1 >> c:\output\report.txt

    Any help is greatly appreciated.

    Thank you.

    Thursday, September 23, 2010 5:38 PM

Answers

  • Hi

    Try changing the source like this:

    dumpel -l security -m microsoft-windows-security-auditing -e 4741, 4742, 4733 -d 1 >> c:\output\report.txt

    Worked for me.

    /Peter

    • Marked as answer by Skharps Wednesday, September 29, 2010 12:57 PM
    Wednesday, September 29, 2010 11:05 AM
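
The same query with the built-in Get-WinEvent cmdlet, as an added example that is not part of the original thread; it assumes PowerShell 2.0 or later and an elevated prompt, and reuses the 4741, 4742 and 4743 IDs and the output path from the question. It first lists the source name each event ID was actually logged under, which is the value dumpel's -m switch has to match, and then appends the events to the report file.

```powershell
# Added example, not from the thread. Reading the Security log requires
# administrative rights, so run this from an elevated PowerShell prompt.
$logName  = 'Security'
$eventIds = 4741, 4742, 4743          # computer account created / changed / deleted
$outFile  = 'C:\output\report.txt'    # output path used in the question
$since    = (Get-Date).AddDays(-1)    # same one-day window as dumpel -d 1

# Step 1: filter on log, event ID and time only, so the source name is read
# from the events themselves instead of being assumed.
$filter = @{ LogName = $logName; Id = $eventIds; StartTime = $since }

# Get-WinEvent reports "no events found" as a non-terminating error;
# suppress it and handle the empty result explicitly.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Warning "No events with IDs $($eventIds -join ', ') in '$logName' since $since."
} else {
    # Step 2: show which source (provider) wrote each event ID and how often.
    $events | Group-Object ProviderName, Id |
        Sort-Object Name |
        Format-Table Count, Name -AutoSize

    # Step 3: append one tab-separated line per event, oldest first.
    $events | Sort-Object TimeCreated | ForEach-Object {
        # Keep only the first line of the message as a short summary.
        $summary = ([string]$_.Message -split "`r?`n")[0]
        @(
            $_.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss'),
            $_.Id,
            $_.ProviderName,
            $_.MachineName,
            $summary
        ) -join "`t"
    } | Add-Content -Path $outFile
}
```

Changing `$logName` and `$eventIds` gives the same source-name check for any other log.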

All replies

  • Thank you so much Pete.

    It worked!  Thanks so much for the quick response.  Appreciate the feedback and help.

    Wednesday, September 29, 2010 12:57 PM
  • Hi All,

    I am facing an issue with dumpel on a 2008 server: while testing the below command on a remote server, dumpel shows success, but the log entry is not updating in the txt file. Can anyone help, please?

    -l system -m "WindowsUpdateClient" -e 17 -d 1 >> E:wua.txt

    Is there any compatibility issue or syntax change for Windows 2008? Please let me know.

    Thanks

    V.

    Saturday, June 29, 2013 6:05 PM