RE: Event log management
From: H C (keydet89@yahoo.com)
Date: 12/13/01
- Previous message: Colin Stefani: "RE: Event log management"
- In reply to: McLeod, Dennis: "RE: Event log management"
- Next in thread: Colin Stefani: "RE: Event log management"
Date: Thu, 13 Dec 2001 12:51:19 -0800 (PST)
From: H C <keydet89@yahoo.com>
To: "McLeod, Dennis" <Dennis.McLeod@Nolte.com>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>

> We use dumpel (Resource Kit) to dump them to text
> files.
> We then use BCP to dump the text files into a sql
> database.
> One of our programmers wrote some code to clear the
> event logs.
> I then use Excel to check my event logs.
Want to do all of this in one program? Perl, baby!
Yeah, that's right! Grab the EL entries, dump them to
a SQL db as well as to comma-delim. text files (or, if
you want to correlate activity across the domain, use
three worksheets, one for each of the main EventLogs).
Oh, yeah, and it'll clear the logs, too. Of course,
you could add to that a verification that your
EventLog settings (size, what's being audited, etc.)
haven't been altered...
> I plan on making a scheduled task run every half
> hour, and then my database
> guru will
> write a stored procedure looking for events I
> specify.
You know what may work for you is to install a syslog
client on the various systems, and have them forward
the log entries to a syslog server. Just a thought...
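
Added example, not part of the original message or either poster's code: a sketch of the dump-to-database step and the "look for events I specify" query discussed above, with a uniqueness constraint so that a half-hourly run over an overlapping dump does not store the same entry twice. The column layout, table name, sample rows and the watched IDs (517, audit log cleared; 529, failed logon) are assumptions; SQLite stands in for the SQL server.

```python
import csv
import io
import sqlite3

# Constructed sample dump, not real log data. Assumed column order:
# date,time,source,type,category,event_id,user,computer,message
SAMPLE_DUMP = """\
12/13/2001,12:01:07,Security,Failure Audit,Logon/Logoff,529,SYSTEM,WKS01,Logon failure for user jdoe
12/13/2001,12:01:09,Security,Failure Audit,Logon/Logoff,529,SYSTEM,WKS01,Logon failure for user jdoe
12/13/2001,12:14:30,Security,Success Audit,System Event,517,SYSTEM,SRV02,The audit log was cleared
12/13/2001,12:20:00,Security,Success Audit,Logon/Logoff,528,jdoe,WKS01,Successful logon
"""

SCHEMA = """CREATE TABLE IF NOT EXISTS events (
    log TEXT, ev_date TEXT, ev_time TEXT, source TEXT, ev_type TEXT, category TEXT,
    event_id INTEGER, username TEXT, computer TEXT, message TEXT,
    UNIQUE (log, computer, ev_date, ev_time, event_id, message))"""

def load_dump(conn, log_name, dump_text):
    """Insert dumped rows; return how many were new (already-stored rows are ignored)."""
    conn.execute(SCHEMA)
    count = lambda: conn.execute("SELECT COUNT(*) FROM events").fetchone()[0]
    before = count()
    for row in csv.reader(io.StringIO(dump_text)):
        if len(row) != 9 or not row[5].isdigit():
            continue  # skip blank or malformed lines
        conn.execute(
            "INSERT OR IGNORE INTO events VALUES (?,?,?,?,?,?,?,?,?,?)",
            [log_name] + row[:5] + [int(row[5])] + row[6:],
        )
    conn.commit()
    return count() - before

def find_watched(conn, watched_ids):
    """Return (computer, event_id, count) for every watched event ID present."""
    marks = ",".join("?" * len(watched_ids))
    return conn.execute(
        "SELECT computer, event_id, COUNT(*) FROM events "
        f"WHERE event_id IN ({marks}) GROUP BY computer, event_id "
        "ORDER BY computer, event_id",
        list(watched_ids),
    ).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_dump(db, "Security", SAMPLE_DUMP))  # 4 new rows
    print(load_dump(db, "Security", SAMPLE_DUMP))  # 0: overlapping re-run
    print(find_watched(db, [517, 529]))  # watched IDs are an assumption
```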