RE: Win2k log management

From: Arendt, Jordan LRN (Jordan.Arendt@sasked.gov.sk.ca)
Date: 01/28/03

    From: "Arendt, Jordan LRN" <Jordan.Arendt@sasked.gov.sk.ca>
    To: "'Zimin, Alex'" <alex@towerrecords.com>, defaillance@hushmail.com, focus-ms@securityfocus.com
    Date: Tue, 28 Jan 2003 11:50:57 -0600
    
    

    Nice perl script that we use for NT, and I believe works with win2k.

    http://perlmonks.thepen.com/15057.html

    I've modified it and added some comments/documentation.

    #########################################################################
    # Original Script came from: http://perlmonks.thepen.com/15057.html
    # Modified by: Jordan Arendt on May 23, 2002
    # Script Name: eventdump.pl
    #
    # Comments:
    #
    # There are several things that need to be done for setup
    # 1. Create a directory called c:\event_logs on every server
    #    that you are going to want to dump the eventlogs from.
    # 2. Share that directory with a share name of event_logs
    # 3. Change ZEPHYR to whatever server you want to store your logs on.
    # 4. On the server Zephyr (or whatever you've changed it to)
    #    create a directory event_logs and share it as event_logs
    # 5. Create the directories event_logs\Application,
    #    event_logs\Security, and event_logs\System on Zephyr
    # 6. Add the servers you want to get the logs from to the
    #    @servers line. ex. @servers = ("S1","S2","S3");
    # 7. Create a directory c:\event_logs on each server you are
    #    dumping logs from and share it as event_logs
    # 8. Active State Perl needs to be installed on the machine you
    #    want to run this from. You can schedule it with the
    #    scheduler with the command: perl eventdump.pl
    #
    #########################################################################
    use strict;
    use warnings;
    use Win32::EventLog;
    use File::Copy;
    use Time::localtime;

    # Error log kept on the central server; "+>>" opens it for append.
    open(OUTFH, "+>>", "\\\\ZEPHYR\\event_logs\\buerrs.log")
        or die "Can't open error log on ZEPHYR: $!\n";

    my @servers = ("S1","S2","S3","S4");
    my @logs    = ("System","Application","Security");

    # Timestamp of the form YYYY_M_D_H_M_S so every backup file gets a unique name.
    my $year  = localtime->year() + 1900;
    my $month = localtime->mon() + 1;
    my $day   = localtime->mday();
    my $hour  = localtime->hour();
    my $min   = localtime->min();
    my $sec   = localtime->sec();
    my $date  = join("_", $year, $month, $day, $hour, $min, $sec);

    foreach my $server (@servers)
    {
        foreach my $eventlog (@logs)
        {
            my $filename = $eventlog . "_" . $server . "_" . $date;
            my $handle = Win32::EventLog->new($eventlog, "\\\\$server")
                or die "Can't open $eventlog Eventlog on $server: $!\n";

            # Clear() backs the log up to the given file (a local path on the
            # remote server; the directory event_logs was created on each
            # server) and then empties the log.
            $handle->Clear("c:\\event_logs\\$filename.evt")
                or print OUTFH "Could not clear and backup the $eventlog Eventlog on $server\n";
            $handle->Close;

            # Pull the backup over the share into the per-log directory on ZEPHYR.
            move("\\\\$server\\event_logs\\$filename.evt",
                 "\\\\ZEPHYR\\event_logs\\$eventlog\\$filename.evt")
                or warn "Could not move $filename to ZEPHYR: $!\n";
        }
    }
    close OUTFH;

    -----Original Message-----
    From: Zimin, Alex [mailto:alex@towerrecords.com]
    Sent: January 24, 2003 4:11 PM
    To: defaillance@hushmail.com; focus-ms@securityfocus.com
    Subject: RE: Win2k log management

    Try event log management tools from "Dorian Software".
    http://www.doriansoft.com/

    Alex.

    > -----Original Message-----
    > From: defaillance@hushmail.com [mailto:defaillance@hushmail.com]
    > Sent: Friday, January 24, 2003 10:04 AM
    > To: focus-ms@securityfocus.com
    > Subject: Win2k log management
    >
    >
    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    >
    > I am currently administering over 10 servers (advanced) and 20
    > workstations (pro). The management of
    > event/security/application logs has become unbearable, so I'm
    > looking for a centralized management solution where the
    > information would be gathered from server/workstation to a
    > specific server, so the question is: Anyone aware of such
    > software that could do the job? Commercial or freeware, I
    > basically just want to avoid having to walk over to check
    > them manually.
    >
    > also if anyone who has faced this situation is willing to
    > share their knowledge on the subject...
    >
    > Thanks
    > -----BEGIN PGP SIGNATURE-----
    > Version: Hush 2.2 (Java)
    > Note: This signature can be verified at
    > https://www.hushtools.com/verify
    >
    >
    > wl8EARECACAFAj4xf/sZHGRlZmFpbGxhbmNlQGh1c2htYWlsLmNvbQAKCRAAqpYJlh8f
    > xQ7GAJ9+/LTX1k/uD/cY6mzx8iPKehJGhgCY8S0SZc03cmWwXsZwQBpQ8K7Rog==
    > =4gCk
    > -----END PGP SIGNATURE-----
    >
    >
    >
    >
    > Concerned about your privacy? Follow this link to get
    > FREE encrypted email: https://www.hushmail.com/?l=2
    >
    > Big $$$ to be made with the HushMail Affiliate Program:
    > https://www.hushmail.com/about.php?subloc=affiliate&l=427
    >
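The eventdump.pl script in this thread names every backup <Log>_<Server>_<Y>_<M>_<D>_<h>_<m>_<s>.evt and only warns at run time when a dump or move fails, so a server that silently stops delivering logs is easy to miss. As an added example that is not part of this thread or of eventdump.pl, this Python check reads such filenames from the central server's event_logs tree and reports every (server, log) pair whose newest backup is missing or older than one scheduled run; the file list, hostnames and times are constructed.

```python
import re
from datetime import datetime, timedelta

# Backup names as eventdump.pl writes them: <Log>_<Server>_<Y>_<M>_<D>_<h>_<m>_<s>.evt
NAME_RE = re.compile(
    r"^(?P<log>System|Application|Security)_(?P<server>[^_]+)_"
    r"(?P<y>\d{4})_(?P<mo>\d{1,2})_(?P<d>\d{1,2})_(?P<h>\d{1,2})_(?P<mi>\d{1,2})_(?P<s>\d{1,2})\.evt$")

def parse_backup_name(name):
    """(log, server, timestamp) for a backup filename, or None if it is not one (e.g. buerrs.log)."""
    m = NAME_RE.match(name)
    if not m:
        return None
    ts = datetime(int(m["y"]), int(m["mo"]), int(m["d"]),
                  int(m["h"]), int(m["mi"]), int(m["s"]))
    return m["log"], m["server"], ts

def find_stale(names, servers, logs, now, max_age):
    """Sorted (server, log) pairs whose newest backup is older than max_age or
    missing entirely: the cases where collection silently stopped."""
    latest = {}
    for name in names:
        parsed = parse_backup_name(name)
        if parsed is None:
            continue
        log, server, ts = parsed
        if ts > latest.get((server, log), datetime.min):
            latest[(server, log)] = ts
    stale = [(s, l) for s in servers for l in logs
             if now - latest.get((s, l), datetime.min) > max_age]
    return sorted(stale)

# Constructed sample listing of the event_logs tree on the central server (not real data).
SAMPLE_NAMES = [
    "System_S1_2003_1_28_11_50_57.evt",
    "Application_S1_2003_1_28_11_50_57.evt",
    "Security_S1_2003_1_28_11_50_57.evt",
    "System_S2_2003_1_28_11_50_58.evt",
    "Application_S2_2003_1_28_11_50_58.evt",
    "Security_S2_2003_1_26_11_50_40.evt",  # two days old: that dump or move failed
    "buerrs.log",                          # the script's error log, ignored
]
NOW = datetime(2003, 1, 28, 12, 0, 0)      # fixed "current time" for the sample
MAX_AGE = timedelta(hours=24)              # one scheduled run per day expected

if __name__ == "__main__":
    for server, log in find_stale(SAMPLE_NAMES, ["S1", "S2", "S3"],
                                  ["System", "Application", "Security"], NOW, MAX_AGE):
        print(f"no {log} backup from {server} in the last {MAX_AGE}")
```

On a real deployment the list would come from walking the three per-log directories on the central server, and S3 here stands for a server in @servers that never delivered anything.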