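:: ################################################################
:: # evtxdaterange.bat                                            #
:: #                                                              #
:: # Batch file created to report the oldest and newest event     #
:: # records from EVTX files using Log Parser and based on the    #
:: # TimeGenerated and TimeWritten fields.                        #
:: #                                                              #
:: # Arguments:                                                   #
:: #    %1 = path to the EVTX file                                #
:: #                                                              #
:: # Example: C:\>evtxdaterange D:\files\Security.evtx            #
:: #                                                              #
:: # Author: Jason Hale                                           #
:: #                                                              #
:: ################################################################
::
:: Requirements: logparser.exe must be reachable through PATH.
::
:: Limitations:
::   * %1 is substituted verbatim into the Log Parser query and into the
::     command line that FOR /F hands to cmd.exe. It is neither quoted nor
::     escaped, so paths containing spaces or cmd metacharacters are not
::     handled. Evidence file names are not trustworthy input: copy or
::     rename the log to a plain path before running this script on it.
::   * NOTE(review): Log Parser is believed to report EVT timestamps in the
::     time zone of the analysis machine. Confirm this before correlating
::     the reported range with UTC sources.
::   * The oldestg/newestg/oldestw/newestw variables remain set in the
::     calling environment after the script ends.

@echo off

:: Stop early on a missing or wrong path instead of printing an empty range.
if "%~1"=="" goto :usage
if not exist "%~1" goto :notfound

:: Clear results from an earlier run in the same console. Without this, a
:: failed query would silently report the previous file's dates.
set "oldestg="
set "newestg="
set "oldestw="
set "newestw="

echo.
echo Event Log Date Range: %1
echo *******************************************************************************

:: Each query returns a single row. findstr keeps only the output lines that
:: begin with a digit, which drops Log Parser's header and statistics text
:: and leaves the timestamp row for FOR /F to store.

:: Find oldest TimeGenerated entry and store in variable
for /f "delims=" %%a in ('logparser -i:EVT "SELECT TOP 1 TimeGenerated FROM %1 ORDER BY TimeGenerated ASC" ^| findstr "^[0-9].*$"') do @set oldestg=%%a

:: Find newest TimeGenerated entry and store in variable
for /f "delims=" %%a in ('logparser -i:EVT "SELECT TOP 1 TimeGenerated FROM %1 ORDER BY TimeGenerated DESC" ^| findstr "^[0-9].*$"') do @set newestg=%%a

:: Find oldest TimeWritten entry and store in variable
for /f "delims=" %%a in ('logparser -i:EVT "SELECT TOP 1 TimeWritten FROM %1 ORDER BY TimeWritten ASC" ^| findstr "^[0-9].*$"') do @set oldestw=%%a

:: Find newest TimeWritten entry and store in variable
for /f "delims=" %%a in ('logparser -i:EVT "SELECT TOP 1 TimeWritten FROM %1 ORDER BY TimeWritten DESC" ^| findstr "^[0-9].*$"') do @set newestw=%%a

:: An empty result means the query produced no timestamp row. Say so on
:: stderr so that a blank range is not mistaken for a finding.
if not defined oldestg echo WARNING: no TimeGenerated value returned; check that logparser is on PATH and the file is a readable event log. 1>&2
if not defined oldestw echo WARNING: no TimeWritten value returned; check that logparser is on PATH and the file is a readable event log. 1>&2

echo Time Generated Range: %oldestg% - %newestg%
echo Time Written Range : %oldestw%- %newestw%
echo *******************************************************************************
echo.
goto :eof

:usage
echo Usage: evtxdaterange ^<path to EVTX file^> 1>&2
exit /b 1

:notfound
echo evtxdaterange: file not found: "%~1" 1>&2
exit /b 1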