RE: Managing Windows Event Logs
From: Chris Burton (cyberhiker99_at_yahoo.com)
Date: 06/24/03
- Previous message: David Stevens: "RE: Windows 2000 password policy"
- In reply to: Chris Lynch: "RE: Managing Windows Event Logs"
- Next in thread: Joseph Kim - HQ: "RE: Managing Windows Event Logs"
Date: Tue, 24 Jun 2003 08:06:49 -0700 (PDT) To: lynch00@cox.net, 'Chuck Meeusen' <cmeeusen@optonline.net>, focus-ms@securityfocus.com
I have been working on writing a web application that
is kind of like that. The current thought is to
create a WMI event sink on the central "application"
server looking at the target machine. So every time an
event triggers it logs to the central database
server (same server or different, I am writing it so
that I can change it at any time). So then you can do
all kinds of cool reporting from the web or your
favorite tool.
We here just can't see spending the kind of money that
people want to charge for something we can do already.
Currently, it is in VB/ASP so that I could manage it
from anywhere. I am also working on making it
accessible/friendly from a Palm/Pocket PC.
More to come though. Send me an e-mail if you want to
be a beta-tester or if you have a general interest.
Regards,
Chris
RedEyeTek, Inc.
--- Chris Lynch <lynch00@cox.net> wrote:
> I'm wondering why anyone hasn't suggested using WMI
> to query for WARNING and
> ERROR logs for the previous 24-hours or something
> like that? I have created
> a VBScript that goes out and queries computer
> objects within your NT/AD
> domain (using the WINNT provider, not the LDAP
> provider, but I do have an
> updated version of this). This script will create
> an HTML report that you
> can then go through server by server to see what
> event logs you need to
> examine.
>
> Chris Lynch
>
>
> -----Original Message-----
> From: Chuck Meeusen [mailto:cmeeusen@optonline.net]
> Sent: Friday, June 20, 2003 1:28 PM
> To: focus-ms@securityfocus.com
>
> This discussion on event logs hits home for me. I'm
> attempting to build a
> system of gathering and archiving the event logs
> from a number (15 at
> present but must scale to 30-40) of NT and 2K
> servers.
> It's not pretty.
>
> My main source of information has been a document
> prepared for a SANS course
> called "Centralizing Event Logs on Windows 2000" by
> Greg Lalla. He scripts
> dumpevt.exe which I've found to be very effective
> and then bcp's the csv's
> into a SQL dbase.
>
> So I'm wondering what anyone else is doing to gather
> logs and archive?
>
> C.
>
>
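The WMI approach raised in the quoted message (query each server for WARNING and ERROR events from the previous 24 hours and build an HTML report) can be sketched as follows. This is an added example, not the script from either poster; it uses PowerShell rather than VBScript, and the server names and report path are assumed placeholders.

```powershell
# Added example. $Servers and $ReportPath are assumed placeholder values.
$Servers    = @('SERVER01', 'SERVER02')     # hypothetical host names
$ReportPath = Join-Path $env:TEMP 'eventlog-report.html'

# WQL compares TimeGenerated against a DMTF datetime string (UTC offset +000).
$since = (Get-Date).AddHours(-24).ToUniversalTime()
$dmtf  = $since.ToString('yyyyMMddHHmmss') + '.000000+000'

# In Win32_NTLogEvent, EventType 1 = Error and 2 = Warning.
$filter = "(Logfile = 'System' OR Logfile = 'Application') " +
          "AND (EventType = 1 OR EventType = 2) " +
          "AND TimeGenerated >= '$dmtf'"

$events = foreach ($server in $Servers) {
    try {
        Get-CimInstance -ClassName Win32_NTLogEvent -ComputerName $server `
                        -Filter $filter -ErrorAction Stop |
            Select-Object ComputerName, Logfile, TimeGenerated, Type,
                          SourceName, EventCode, Message
    }
    catch {
        # Record unreachable hosts so a collection gap is not read as a clean log.
        [pscustomobject]@{
            ComputerName = $server; Logfile = ''; TimeGenerated = Get-Date
            Type = 'CollectionFailed'; SourceName = 'report script'; EventCode = 0
            Message = $_.Exception.Message
        }
    }
}

# One table, grouped by server and ordered by time, written as an HTML page.
$events |
    Sort-Object ComputerName, TimeGenerated |
    ConvertTo-Html -Title 'Warnings and errors, last 24 hours' `
                   -PreContent "<h1>Warnings and errors since $since (UTC)</h1>" |
    Set-Content -Path $ReportPath -Encoding UTF8
```

The filter is evaluated on each target server, so only matching events cross the network; reading the Security log this way would additionally require an account with that privilege on the target.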