Re: [logs] NT Logs

From: Frank Heyne (fhat_private-dresden.de)
Date: Tue Feb 05 2002 - 11:46:08 PST


On 5 Feb 2002, at 11:12, Birk Richter wrote:

> our conclusions are:
> 1. you can build a central EventLog if you pay no attention to the Security
> EventLog
>    (this is unacceptable in most cases)
> 2. you can build a central database (without EventLog service)
>    for all EventLog types.

The other way is to write the eventlog records to your own EVT files,
without using the eventlog service for writing.
For instance Elwiz from http://www.heysoft.de/ uses this way to write
only important events from all the machines it watches into one file, with
the correct computer names. Because eventlog records contain 2 time
stamps, Elwiz leaves TimeGenerated unchanged and changes
TimeWritten to the time when it fetched the event.

Frank Heyne
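An added example, not Frank's or Elwiz's code: it serialises and parses the fixed EVENTLOGRECORD header documented in the Windows SDK (winnt.h) and shows the consolidation step the message describes, copying a record into a central file with TimeGenerated preserved, TimeWritten set to the fetch time, and the original computer name kept. It assumes records without a user SID or binary data; all sample values are constructed.

```python
import struct

# EVENTLOGRECORD fixed header (Windows SDK winnt.h), 56 bytes, little-endian.
# Both timestamps are seconds since 1970-01-01 UTC; Reserved holds 'LfLe'.
HDR = struct.Struct("<6I4H6I")
FIELDS = ("Length", "Reserved", "RecordNumber", "TimeGenerated", "TimeWritten",
          "EventID", "EventType", "NumStrings", "EventCategory", "ReservedFlags",
          "ClosingRecordNumber", "StringOffset", "UserSidLength", "UserSidOffset",
          "DataLength", "DataOffset")
LFLE = 0x654C664C  # b"LfLe" read as a little-endian DWORD


def _wsz(s):
    # null-terminated UTF-16LE string, as stored after the header
    return s.encode("utf-16-le") + b"\x00\x00"


def build_record(number, event_id, event_type, t_gen, t_written, source, computer, strings):
    """Serialise one record (no SID, no binary data), padded to a DWORD boundary."""
    names = _wsz(source) + _wsz(computer)        # SourceName, ComputerName
    string_off = HDR.size + len(names)
    body = b"".join(_wsz(s) for s in strings)    # insertion strings
    length = string_off + len(body) + 4          # +4 for the trailing Length copy
    pad = (-length) % 4
    length += pad
    hdr = HDR.pack(length, LFLE, number, t_gen, t_written, event_id, event_type,
                   len(strings), 0, 0, 0, string_off, 0, string_off, 0,
                   string_off + len(body))
    return hdr + names + body + b"\x00" * pad + struct.pack("<I", length)


def parse_record(buf):
    """Decode one record; checks the 'LfLe' marker and the trailing Length copy."""
    rec = dict(zip(FIELDS, HDR.unpack_from(buf)))
    tail = struct.unpack_from("<I", buf, rec["Length"] - 4)[0]
    if rec["Reserved"] != LFLE or tail != rec["Length"]:
        raise ValueError("not a well-formed EVENTLOGRECORD")
    names = buf[HDR.size:rec["StringOffset"]].decode("utf-16-le").split("\x00")
    rec["SourceName"], rec["ComputerName"] = names[0], names[1]
    raw = buf[rec["StringOffset"]:rec["DataOffset"]].decode("utf-16-le")
    rec["Strings"] = raw.split("\x00")[:rec["NumStrings"]]
    return rec


def consolidate(buf, fetch_time, new_number):
    """Copy a fetched record into a central file: keep TimeGenerated and the
    source computer name, set TimeWritten to the fetch time, renumber."""
    r = parse_record(buf)
    return build_record(new_number, r["EventID"], r["EventType"], r["TimeGenerated"],
                        fetch_time, r["SourceName"], r["ComputerName"], r["Strings"])
```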
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 12:27:23 PST