The Event Comb tool (Eventcombmt.exe) is a multi-threaded tool that can be used to gather specific events from the Event Viewer logs of different computers at the same time.
The Event Comb tool includes preconfigured search categories, for example account lockouts. The account lockout search includes events relevant to account lockouts, such as Events 529, 644, 675, 676, and 681.
In the Event Comb tool you can specify any or all the following search criteria:
Individual, multiple, or a range of Event IDs
An Event Source
The Event Comb tool also provides the following features:
Multi-threaded for very fast performance and can search up to 100 different servers at the same time.
Provides multiple methods of adding servers to a search, such as using a text file, browse list, and Active Directory.
Select from preconfigured searches.
Searches through saved event logs.
Auto-detects the type of saved log file.
Save the search results to a text file, Access or SQL database.
Gather events that have occurred since your last search.
Capture statistics about event frequency.
Save and load your searches.
Save text files as .txt or .csv files.
Search Event logs from oldest to newest or newest to oldest.
Resolve IP Addresses to hostnames in Event 675 errors.
Find the largest length of time between events in a log.
Decode Event 1000 flags.
Run searches from the command line.
Schedule searches by using the AT or Task Scheduler services in Windows 2000 and Microsoft Windows XP.
Search for the last time your servers restarted.
Track account lockout issues.
Provides information to help troubleshoot issues with the File Replication Service (FRS).
Collect events to a central location.
The Event Comb tool is included in the Windows Server 2003 resource kit tools. You can download these tools from the following location: