RE: NT/2000 Event Logs

From: Free, Bob (RWF4@pge.com)
Date: 11/21/01

• Previous message: Paul L Schmehl: "Re: Hiding HTML code from being viewed."
• Maybe in reply to: riezel.t.serdan@accenture.com: "NT/2000 Event Logs"
• Next in thread: Arendt, Jordan ED0: "RE: NT/2000 Event Logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <2DBFCBE6D1DAD11191E300805F577D1202C10FFA@exchange104.comp.pge.com>
From: "Free, Bob" <RWF4@pge.com>
To: "'riezel.t.serdan@accenture.com'" <riezel.t.serdan@accenture.com>, focus-ms@securityfocus.com
Subject: RE: NT/2000 Event Logs
Date: Wed, 21 Nov 2001 11:19:13 -0800

PsLogList @ http://www.sysinternals.com/ntw2k/freeware/pstools.shtml will
dump to a csv and is quite flexible, could be easily scripted. There are a
number of other possibilities available freely. If you have the Resource
Kit, dumpel will dump to a tab delimited file and also comes to mind.
Resource KIT also contains PERL scripts for logs you could utilize or
modify.

There are lots of examples of the PERL WIN32::EventLog mod available, one
being Harlan Carvey's dumpevt @
http://www.roth.net/perl/scripts/scripts.asp?DumpEvt.pl

I'm sure there are vbscript, jscript etc solutions available as well but I
never needed to go there ;-]

HTH

Bob Free
Sr. Network Specialist
ISTS/ITUSS/DC/System Server Support
PG&E Auburn, Ca

-----Original Message-----
From: riezel.t.serdan@accenture.com
[mailto:riezel.t.serdan@accenture.com]
Sent: Tuesday, November 20, 2001 9:42 PM
To: focus-ms@securityfocus.com
Subject: NT/2000 Event Logs

Hi all,

I just want to know if there is a way to save the event logs through
scripting (vbscript, jscript, etc.) in a tab or comma delimeted format?

Riezel T. Serdan
Accenture
CIO Technology Services - Data Center Operations
Email: riezel.t.serdan@accenture.com

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete the
original. Any other use of the email by you is prohibited.

---

• Previous message: Paul L Schmehl: "Re: Hiding HTML code from being viewed."
• Maybe in reply to: riezel.t.serdan@accenture.com: "NT/2000 Event Logs"
• Next in thread: Arendt, Jordan ED0: "RE: NT/2000 Event Logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Recording LogonLogoff ... >> You can enable logon/logoff auditing and use the Event Logs or you can ... >> implement the scripts and have a simple text file (which BTW very easily ... >>> Jim ... (microsoft.public.backoffice.smallbiz2000) Script Writing - Checking Event log ... Looking for pointers where I can read about creating scripts that will look ... through event logs for certain conditions and then take an action. ... Feedback is appreciated. ... (microsoft.public.windows.server.sbs) Re: Script Writing - Checking Event log ... > Looking for pointers where I can read about creating scripts that will ... > through event logs for certain conditions and then take an action. ... > Jeff Loucks ... (microsoft.public.windows.server.sbs) Re: event logs : is there a way to save them remotely? ... These scripts should help you out, ... Microsoft MVP - Windows Security ... > We'd like to save/copy the event logs remotely to a central location. ... > or is there a third party tool available? ... (microsoft.public.security) RE: Event log managment ... > We use dumpel to dump them to text ... > I then use Excel to check my event logs. ... a SQL db as well as to comma-delim. ... Check out Yahoo! ... (Focus-Microsoft)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-11