- 1). Log into the system as an administrator. Press the "Windows" and "R" key to launch the "Run" command dialog box.
- 2). Type "eventcomb.exe" or "eventcombmt.exe" in the provided text field. Press "Enter." The "EventComb" console will open.
- 3). Right-click the "Select To Search/Right Click To Add" text box. Choose an option that fits your needs from the drop-down menu. The list includes "Get DCs in Domain," "Get Servers in a Site," "Add Single Server," "Add All GCs," "Get All Servers (Slow)," "Get Servers from File," "Select All Servers In List" and "Clear List."
- 4). Choose "Add Single Server" from the drop-down menu if you wish to add run the search on a single server. The "Add Server" dialog box will open. Type the server name in the "Server Name" text field and click "Add Server."
- 5). Choose the type of log files by checking the corresponding check boxes within the "Choose Log Files to search" section. The list includes "System," "Application," "Security," "FRS," "DNS" and "AD."
- 6). Choose the event types to search for by selecting the corresponding check box within the "Event Types" section. The list includes "Error" "Informational," "Warning," "Success" and "Get All Events With Above Criteria."
- 7). Enter a specific event ID to search for under the "Event IDs" text field, if necessary. Select "W32Time" from the "Source" drop-down menu and click "Search."
- 8). Allow for the search process to complete. Open the resulting output file located in the "C:\Temp" directory. The file will display as follows "FileName-System_LOG.txt"
- 9). Open the log file with Notepad or other text editor application and review the events.
SHARE
