At work, I can really get into a good groove working on our intranet. It is small, but interesting to work on. What can knock me out of that groove and really just poison the day is being snapped back to the reality of working with Windows by encountering another limitation. So, I need to search the event logs of a print server for a printer IP address, as a way of determining who is printing to it. Maybe I am approaching it wrong, I don’t know. But the most straightforward approach seems to be to search the logs. I forgot, however, that there seems to be no built-in way to parse through days and weeks of log entries, akin to grep’ing logs on a linux server, for Windows. I resigned myself to finding a vendor-provided or open-source free tool to do such. Googling found some items from Microsoft, but no download links. It was the end of the day, I was tired and frustrated from having to go to such lengths to do what seemed to be such a simple task, and the one tool I was able to download is command-line run with cryptic help options.
Maybe I am looking at this the wrong way, and should be focused on a different manner of determining who is printing to a printer than looking through the system event logs for the IP. Shows how much I have forgotten about Windows since I switched to Linux six years ago… This isn’t the first time I have wanted to parse through the logs, however. Seems like the best solution is to buy some third party bolt-on server app with an annual maintenence cost to it.
Why do Windows event logs have to be in some weird binary format? Why can’t they just be text?
Filed under: /dev/urandom