Pario TechnoBlob
msgbartop
A chronological documentation test project, nothing serious, really!
msgbarbottom

15 May 2009 Simple Windows Print Accounting using Event Viewer data

This post continues where my previous post titled Export events including Event Properties from Windows Event Viewer left off.

The data I’m going to work with was exported using eventquery.vbs and saved in a CSV-file, comma separated file and it is presented in the form shown below.

"Information","10","12.05.2009 13:24:48","Print","Servername","None","AD\username","Document 232, filename.pdf owned by username was printed on printername via port IP_192.168.0.254. Size in bytes: 279232; pages printed: 18"

I’m interested in the username, date/time printed and pages printed and will now show how I’ve accomplished that using some simple linux console commands.

awk -F, '{print $7 " " $3 " " $4 " " $NF}' Event_Viewer_System.csv | grep printername | awk '{print $1 "," $2 "," $3 "," $NF}' | sed 's/\"//g'|sort > PrintAccounting.csv

Result

username,14.05.2009,12:58:41,18
username,15.05.2009,09:24:13,2
username,15.05.2009,09:25:00,37
username,15.05.2009,09:30:03,2
username,15.05.2009,09:30:29,2
...

Where the fields contain username, date, time and the amount of printed pages.

A short description on whats being done

  • print out column 7, 3, 4 and last column where the separator is a comma (,) from the file Event_Viewer_System.csv
  • filter out the printer you are interested in
  • filter out again the data we are interested in
  • remove quote sign (“) from the list
  • sort the list ny username
  • redirect the output to a file

And that’s how you make a primitive print accounting system from data gathered in a Windows Server.
This particular example has been testen on data from a Windows 2003 Server, but I think it can be performed on other versions of Windows as well.

Tags: , , ,

Posted by

Filed in Linux, Misc, Scripting, Windows with Comments Off on Simple Windows Print Accounting using Event Viewer data

13 May 2009 Export events including Event Properties from Windows Event Viewer

This post came to life after a request to produce an overview of how many prints every user produced on a special printer from our print server. Since we have no print accounting software installed on our Windows 2003 Server I had to come up with a new solution to this problem. The actual print accounting part will be posted in another post…

The solution I came up with was to enable auditing on printing and then gather information from the System log in the Event Viewer. But first I had to export the necessary data from the Event Viewer since a normal export using the “Export List…” function by right clicking a log would not give me a good enough detail level including Event Properties.
Event Viewer

After some research I found a Windows tools called eventquery.vbs which is located in the windows/system32 folder on most Windows PCs. It’s a script that lists the events and event properties from one or more event logs.

Export log info
This is the switches I used to export Event Viewer events from System

cscript c:\windows\system32\eventquery.vbs /fi "Type eq Information" /fi "Source eq Print" /fi "ID eq 10" /v  /l System /fo csv > Event_Viewer_System.csv

The syntax I used was to filter (/fi) out

  • Events equal the type “Information”
  • filter out Source equal to “Print”
  • filter out ID equal “10”
  • and have a verbose (/v) output
  • from the System log (/l System)
  • output as comma separated file (/fo)
  • and redirect the result to a file > filename.csv

More info about the eventquery.vbs tool can be found by following the link under Sources.

The result from this export can look something like this

"Information","10","12.05.2009 13:24:48","Print","Servername","None","AD\username","Document 232, filename.pdf owned by username was printed on printername via port IP_192.168.0.254. Size in bytes: 279232; pages printed: 1"

If you look at the image below you’ll understand where I got the filter type info from.
Event Properties

These data now gives me the opportunity to filter out the data I need to create a simple print accounting on my users, and that is posted in the post named Simple Windows Print Accounting using Event Viewer data.

Source: eventquery.vbs

This post can also be used to export from any Event Viewer data log like Application, Security, Internet Explorer or other logs you have on your system.

Tags: , , ,

Posted by

Filed in Scripting, Windows with Comments Off on Export events including Event Properties from Windows Event Viewer
sidebartop
sidebarbottom
sidebartop

Categories

sidebarbottom
sidebartop

Tags

Apache apt-get awk backup basename bash CentOS convert csv Database dd Debian esxi5 Etch EXIF Fedora find Gentoo grep howto html imagemagick iptables iso jhead JPG mount MySQL NEF Nikon nmap perl PHP Postfix RedHat rhel5 rpm sed SMTP sort ssh Ubuntu VMware Wordpress Zimbra
sidebarbottom
© Pario TechnoBlob / Design: Smashing Wordpress Themes