Pantek Library

RE: Managing Windows Event Logs

From: Chris Lynch <lynch00(at)cox.net>
Date: Mon Jun 23 2003 - 11:29:32 EDT

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm wondering why anyone hasn't suggested using WMI to query for WARNING and ERROR logs for the previous 24 hours or something like that? I have created a VBScript that goes out and queries computer objects within your NT/AD domain (using the WINNT provider, not the LDAP provider, but I do have an updated version of this). This script will create an HTML report that you can then go through server by server to see what event logs you need to examine.

Chris Lynch

-----Original Message-----
From: Chuck Meeusen [mailto:cmeeusen@optonline.net]
Sent: Friday, June 20, 2003 1:28 PM
To: focus-ms@securityfocus.com

This discussion on event logs hits home for me. I'm attempting to build a system of gathering and archiving the event logs from a number (15 at present but must scale to 30-40) of NT and 2K servers. It's not pretty.

My main source of information has been a document prepared for a SANS course called "Centralizing Event Logs on Windows 2000" by Greg Lalla. He scripts dumpevt.exe which I've found to be very effective and then bcp's the csv's into a SQL dbase.

So I'm wondering what anyone else is doing to gather logs and archive?

C.


--

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Public PGP key for Chris Lynch

iQA/AwUBPvcc3G9fg+xq5T3MEQI6OQCguHwSa3Nqdf1Iwbq01eCOhpPuAzoAn2nT v52++nbNCHwBUPhsEYmcpIX0
=2f+k
-----END PGP SIGNATURE-----



Received on Mon Jun 23 15:49:37 2003
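
The WMI approach described in the message above, sketched in PowerShell as an added example (it is not Chris Lynch's VBScript and not part of the original post). The server names, the choice of the System and Application logs, and the output file name are assumptions made for illustration.

```powershell
# Added example: hypothetical server names; replace with your own inventory.
$Servers = @('SRV01', 'SRV02')
$Since   = (Get-Date).AddHours(-24)

# WQL compares TimeGenerated against a DMTF datetime string
# (yyyyMMddHHmmss.ffffff+UUU); build it in UTC so the offset is +000.
$Dmtf = $Since.ToUniversalTime().ToString('yyyyMMddHHmmss.ffffff') + '+000'

# Win32_NTLogEvent.EventType: 1 = Error, 2 = Warning.
$Filter = "(EventType = 1 OR EventType = 2) AND TimeGenerated >= '$Dmtf' " +
          "AND (Logfile = 'System' OR Logfile = 'Application')"

$Rows = foreach ($Server in $Servers) {
    try {
        Get-CimInstance -ComputerName $Server -ClassName Win32_NTLogEvent `
                        -Filter $Filter -ErrorAction Stop |
            Select-Object @{n='Server';e={$Server}}, Logfile, TimeGenerated,
                          @{n='Level';e={ if ($_.EventType -eq 1) {'ERROR'} else {'WARNING'} }},
                          SourceName, EventCode, Message
    }
    catch {
        # Record unreachable hosts in the report instead of silently skipping them,
        # so a server that stopped answering is visible to the reviewer.
        [pscustomobject]@{
            Server = $Server; Logfile = '-'; TimeGenerated = Get-Date
            Level = 'UNREACHABLE'; SourceName = '-'; EventCode = 0
            Message = $_.Exception.Message
        }
    }
}

# One HTML table, grouped by server so it can be read server by server.
$Rows | Sort-Object Server, Logfile, TimeGenerated |
    ConvertTo-Html -Title "Event log warnings and errors since $Since" `
                   -PreContent "<h1>Warnings and errors since $Since</h1>" |
    Set-Content -Path .\eventlog-report.html -Encoding UTF8
```

Get-CimInstance with -ComputerName connects over WinRM; hosts that only answer DCOM need a CimSession created with New-CimSessionOption -Protocol Dcom instead.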

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:31 EDT

