
RE: Win2k log management

From: Gabriel Aguilera <gabriel(at)unicraft.com>
Date: Wed Jan 29 2003 - 11:28:07 EST

Sorry if I'm lost here... but isn't the use of this perl script the same thing as Event Viewer > Connect to another computer... option but in a script fashion? Maybe useful for offline reviewing. I think there is a difference in asking for a centralized place where to watch the logs and the option of having a centralized management solution that can handle some sort of analysis in a distributed fashion of the server farm.
IF the problem here is "walking around" well... then open your MMC console and read/save the remote logs from your desktop/laptop computer. Else I would recommend a solution that can handle the fact that a server might go down because of another server in the farm having trouble. I know MOM (Microsoft Operations Manager) (This used to be NetIQ's management solution) can handle this... but it's kind of expensive though.

Gabriel

-----Original Message-----
From: Arendt, Jordan LRN [mailto:Jordan.Arendt@sasked.gov.sk.ca]
Sent: Tuesday, January 28, 2003 2:51 PM
To: 'Zimin, Alex'; defaillance@hushmail.com; focus-ms@securityfocus.com
Subject: RE: Win2k log management

Nice perl script that we use for NT, and I believe works with win2k.

http://perlmonks.thepen.com/15057.html

I've modified it and added some comments/documentation.

########################################################################
#
# Comments:
#
# There are several things that need to be done for setup
#
# 2. Share that directory with a share name of event_logs
# on.
# 4. On the server Zephyr (or whatever you've changed it to)
#    create a directory event_logs and share it as event_logs
#
########################################################################

use Win32::EventLog;
use File::Copy;
use Time::localtime;

# Error log on the central server, opened in append mode.
open(OUTFH,"+>>\\\\ZEPHYR\\event_logs\\buerrs.log")
    or warn "Can't open buerrs.log on ZEPHYR:$!\n";
@servers = ("S1","S2","S3","S4");
@logs = ("System","Application","Security");

# One timestamp per run; every backup file from this run carries it.
#($sec,$min,$hour,$mday,$mon,$year) = localtime();
$year = localtime->year() + 1900;
$month = localtime->mon()+1;
$day = localtime->mday();
$hour = localtime->hour();
$min = localtime->min();
$sec = localtime->sec();
$date = join("_",$year,$month,$day,$hour,$min,$sec);

for ( $i = 0; $i <= $#servers ; $i++ )
{
    foreach $eventlog (@logs)
    {
        $filename = $eventlog . "_" . $servers[$i] . "_" . $date;
        $handle = Win32::EventLog->new("$eventlog","\\\\$servers[$i]") or
            die "Can't open $eventlog Eventlog on $servers[$i]:$!\n";

        # The directory event_logs was created on each server.
        # Clear() backs the log up to that file, then empties the log.
        $handle->Clear("c:\\event_logs\\$filename.evt") or
            print OUTFH "Could not clear and backup the $eventlog Eventlog on $servers[$i]\n";

        $handle->Close;

        # Move the backup to ZEPHYR, into a subdirectory named after the log.
        move("\\\\$servers[$i]\\event_logs\\$filename.evt",
             "\\\\ZEPHYR\\event_logs\\$eventlog\\$filename.evt")
            or warn "Could not move $filename to ZEPHYR:$!\n";
    }
}
close OUTFH;

-----Original Message-----
From: Zimin, Alex [mailto:alex@towerrecords.com]
Sent: January 24, 2003 4:11 PM
To: defaillance@hushmail.com; focus-ms@securityfocus.com
Subject: RE: Win2k log management

Try event log management tools from "Dorian Software". http://www.doriansoft.com/

Alex.

> -----Original Message-----
> From: defaillance@hushmail.com [mailto:defaillance@hushmail.com] 
> Sent: Friday, January 24, 2003 10:04 AM
> To: focus-ms@securityfocus.com
> Subject: Win2k log management
> 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> I am currently administering over 10 servers (Advanced) and 20 
> workstations (Pro). The management of 
> event/security/application logs has become unbearable, so I'm 
> looking for a centralized management solution where the 
> information would be gathered from servers/workstations to a 
> specific server, so the question is: Anyone aware of such a 
> software that could do the job? Commercial or freeware, I 
> basically just want to avoid having to walk over to check 
> them manually.
> 
> Also, if anyone who has faced this situation is willing to 
> share their knowledge on the subject...
> 
> Thanks
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at https://www.hushtools.com/verify
> 
> wl8EARECACAFAj4xf/sZHGRlZmFpbGxhbmNlQGh1c2htYWlsLmNvbQAKCRAAqpYJlh8f
> xQ7GAJ9+/LTX1k/uD/cY6mzx8iPKehJGhgCY8S0SZc03cmWwXsZwQBpQ8K7Rog==
> =4gCk
> -----END PGP SIGNATURE-----
Received on Wed Jan 29 15:33:51 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:26 EDT
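
An added check, not part of the original thread: the Perl script's Clear() call empties the live log once the backup file is written, so a failed move leaves the only copy in c:\event_logs on the source server. The Python below inventories the central share using the script's file naming (log, server and run timestamp joined with underscores) and reports which server/log pairs are missing from each run; the function names and the sample listing are constructed for illustration.

```python
import re
from itertools import product
from pathlib import PureWindowsPath

SERVERS = ["S1", "S2", "S3", "S4"]             # the script's @servers
LOGS = ["System", "Application", "Security"]   # the script's @logs

# <log>_<server>_<year>_<mon>_<mday>_<hour>_<min>_<sec>.evt (numbers unpadded)
NAME_RE = re.compile(r"^([A-Za-z]+)_(.+)_(\d{4}(?:_\d{1,2}){5})\.evt$")

def parse_backup(path):
    """Return (log, server, stamp) for an archived backup, or None."""
    p = PureWindowsPath(path)
    m = NAME_RE.match(p.name)
    if not m:
        return None
    log, server, stamp = m.groups()
    # The script moves each file into a subdirectory named after its log.
    if p.parent.name != log:
        return None
    return log, server, tuple(int(n) for n in stamp.split("_"))

def find_gaps(paths, servers=SERVERS, logs=LOGS):
    """Map each run's timestamp to the (server, log) pairs missing from it."""
    runs = {}
    for path in paths:
        parsed = parse_backup(path)
        if parsed:
            log, server, stamp = parsed
            runs.setdefault(stamp, set()).add((server, log))
    expected = set(product(servers, logs))
    return {stamp: sorted(expected - seen)
            for stamp, seen in sorted(runs.items()) if expected - seen}

def sample_listing():
    """Constructed listing: one complete run, one missing S3's Security log."""
    tmpl = "{0}\\{0}_{1}_{2}.evt"
    full = [tmpl.format(l, s, "2003_1_28_2_0_5") for s in SERVERS for l in LOGS]
    partial = [tmpl.format(l, s, "2003_1_29_2_0_7") for s in SERVERS for l in LOGS
               if (s, l) != ("S3", "Security")]
    return full + partial

if __name__ == "__main__":
    for stamp, missing in find_gaps(sample_listing()).items():
        print("run", "_".join(map(str, stamp)), "missing:", missing)
```

A run in which no backup reached the share at all leaves no timestamp to group on, so pair this with a check that a run exists for each scheduled time.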

