On Monday, March 4, 2002, at 05:56, H C wrote:

>> A little bit of scripting will make you
>> wonder how you ever
>> managed to live with the event viewer.
>
> I've written scripts that use the API to get the info
> I want...EventLogs, audit config, file permissions,

Perl is also great for things like making registry changes intelligently on many machines or automating tasks like installing hotfixes or service packs.

> etc. I use the programs (some compiled as standalone
> .exes) in the Incident Response Course I teach. It's
> gotten so I don't know how to find the EventViewer on
> NT or 2K anymore...I just run my program!

I wrote a grep-like program for the event-log that's about a thousand times more useful than the Event Viewer. Of course that still doesn't help with the annoying way Windows programmers don't have a strong tradition of logging and you'll rapidly come to hate the people who thought "access denied" was a useful error message.

Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 23:28:37 PST