User-1947436311 posted
I'm trying to use LogParser to read the 2008 Windows Setup log from a Windows 2008 machine, but it's failing.
C:\Program Files (x86)\Log Parser 2.2>logparser -i:evt "select * from \\server1\Setup"
Error: Error retrieving files: Error searching for files in folder \\server1\Setup: The network name cannot be found.
It appears that this is because the new Windows 7/2008 logs do not have a registry entry under:
HKLM\SYSTEM\CurrentControlSet\services\eventlog\
So, to test I created a key:
HKLM\SYSTEM\CurrentControlSet\services\eventlog\Setup
and a subsequent REG_EXPAND_SZ entry
File : %SystemRoot%\system32\winevt\Logs\Setup.evtx
and then ran LogParser against it again. I got farther, but I'm missing the definitions, which I'm guessing are specified with "DisplayNameFile" and "DisplayNameID", but I don't know what they are. The output I get with adding those entries is:
Setup 463 2013-01-04 13:34:01 2013-01-04 13:34:01 3 0 Success event 0 None Microsoft-Windows-Servicing KB2758857|5064|Staged|0x800f0816|WindowsUpdateAgent server1 S-1-5-18 The description for Event ID 3 in Source "Microsoft-Windows-Servicing" cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer <NULL>
How can I parse the Windows 7 and 2008 Setup logs using Microsoft LogParser?