Gonzalo,

A nice tool that I have found is called EventCl, by Gareth Isaac, here:
http://www.mobiusware.com/freeware

This will allow you to consolidate your NT server logs (System, Application, and Security) to one system. The logs for each system will be there after you dump them, which can be done from a batch file, automated, etc. You will have to 'consolidate' them together yourself. I am sure that is something you can do with Perl fairly easily, or at least with some basic NT shell commands. DumpEl from the NT Resource Kit will do the same, but EventCl allows for log renaming, autosave to another system, etc., which I find works nicely.

Regarding the EventID descriptions, those come from the Performance Monitor Libraries (PerfLib) for the particular application/system in question. For instance, if you want to view MS Exchange Performance counters, you need to have Exchange loaded (at least the Administrator program) on the PC in question. Or you could try to 'hack' the performance libraries onto the log station using the lodctr util mentioned here. Where you can locate the other perflibs for other things like SQL, etcetera, is something I do not know. I tried this once in the lab, with 'some' success. YMMV.

XADM: Restoring Lost Performance Counters for Exchange (Q156494)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q156494

Steve

Verbose mode for Nate's signature.
This system has detected ambulatory rodentia, the operating system must be reinitialized for full functionality. System restarting....
(Since when did Windoze/InternetExploder/LookOut actually ask for permission to restart?)

-----Original Message-----
From: Gonzalo Garcia [mailto:GO_GARCIAat_private]
Sent: Monday, February 04, 2002 7:40 AM
To: loganalysisat_private
Subject: [logs] NT Logs

Hi,

I'm trying to do some work with NT logs and I have some questions.

Is it possible to send all the logs to only one machine? I have a PDC and 30 BDCs and it would be excellent to get the logs from only one server.

Where can I get the EventID descriptions?

I'm writing a tiny Perl script using the Win32::EventLog module. It works fine with the system logs, but when I try to read the security logs and call the $hash->read(args ....) method, the User key of the hashref is not in text. I've read some documents and there are "masks" to apply to some keys (e.g. TimeGenerated), but I could not find the mask, if any, for the User key. Does someone have some experience with this? ($Win32::EventLog::GetMessageText is already set to 1.)

Does anyone know how to do this stuff using MFC or any non-commercial software? I just want to read the logs and, according to the EventID, send a message (maybe the whole record) to a DB server.

Sorry about my English.

Thanks in advance,

Gonzalo S. García.

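The User value that the question describes as "not in text", decoded in Perl as an added example that is not part of either message. It assumes the field holds the account's raw binary SID; sid_to_string and the sample records are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert a binary Windows SID to its string form S-<rev>-<authority>-<sub>...
# Layout: 1-byte revision, 1-byte sub-authority count, 6-byte big-endian
# identifier authority, then <count> 4-byte little-endian sub-authorities.
sub sid_to_string {
    my ($bin) = @_;
    return unless defined $bin && length($bin) >= 8;

    my ($rev, $count, $auth_hi, $auth_lo) = unpack('C C n N', $bin);
    return if $rev != 1 || $count > 15;             # not a valid SID header
    return if length($bin) < 8 + 4 * $count;        # truncated buffer

    my $authority = $auth_hi * 4294967296 + $auth_lo;   # 48-bit value
    my @subs = $count ? unpack("x8 V$count", $bin) : ();
    return join('-', 'S', $rev, $authority, @subs);
}

# Constructed sample records (not real log data), shaped like the hash
# that the module's Read call fills in. Assumption: User is the raw SID.
my @records = (
    { EventID => 528, User => pack('C C n N V*', 1, 5, 0, 5,
                                   21, 1004336348, 1177238915, 682003330, 512) },
    { EventID => 529, User => pack('C C n N V*', 1, 1, 0, 5, 18) },
    { EventID => 530, User => '' },                 # record carrying no SID
);

for my $rec (@records) {
    my $sid = sid_to_string($rec->{User});
    printf "EventID %d  User %s\n", $rec->{EventID},
        defined $sid ? $sid : '(no SID)';
}
```

On the Windows host itself, Win32::LookupAccountSID from the Win32 module can resolve the same binary value to an account and domain name before the record is sent to the database.
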
This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 12:38:26 PST