Chris,

> Yes - there's an entire API for manipulating the event logs. You might
> want to download Perl from ActiveState.com - they include the
> Win32::EventLog module by default and the documentation includes some examples.

Excellent advice. I've got other examples, as well.

http://patriot.net/~carvdawg/perl.html

> A little bit of scripting will make you wonder how you ever
> managed to live with the event viewer.

I've written scripts that use the API to get the info I want...EventLogs, audit config, file permissions, etc. I use the programs (some compiled as standalone .exes) in the Incident Response Course I teach. It's gotten so I don't know how to find the EventViewer on NT or 2K anymore...I just run my program!

Carv

This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 23:40:35 PST