Hi.

|Subject: Re: [logs] About Windows NT/2000 logs
|From: Kenji Yamamoto <yamakenat_private>
|Date: Mon, 11 Mar 2002 03:36:43 +0900
|Message-Id: <ETHERNETf69aZbLAX3c00000017at_private>
|User-Agent: EdMax Ver2.94.1
|
| | Now I ask you, why couldn't this have been an
| | option for the event log?
| |
| | Is there any chance that the perl module can be
| | set up as a plugin of some sort to log the
| | events to a text file?
|
| You should check better: eventtriggers.exe and eventquery.vbs
| which are with XP or later.

I am not sure about perl plug-in, but there are three command line
modules up in Windows XP:

------------------------------------------------------------
* Eventcreate.exe

With this you can create your custom events.
Pls see help if you have XP.

Examples from command help:

    EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My custom error event for the application log"
    EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace"
    EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install"
    EVENTCREATE /S system /U user /P password /ID 1 /T ERROR /L APPLICATION /D "User access failed due to invalid user credentials"

* Eventquery.vbs

A VBScript with which you can query the events.
Can redirect to a text file. So with a command-line SMTP client
you can batch the query job. Pls see help.

Examples from command help:

    EVENTQUERY.vbs
    EVENTQUERY.vbs /L system
    EVENTQUERY.vbs /S system /U user /P password /V /L *
    EVENTQUERY.vbs /R 10 /L Application /NH
    EVENTQUERY.vbs /R -10 /FO LIST /L Security
    EVENTQUERY.vbs /R 5-10 /L "DNS Server"
    EVENTQUERY.vbs /FI "Type eq Error" /L Application
    EVENTQUERY.vbs /L Application /FI "Datetime eq 06/25/00,03:15:00AM-06/25/00,03:15:00PM"
    EVENTQUERY.vbs /FI "Datetime gt 08/03/00,06:20:00PM" /FI "Id gt 700" /FI "Type eq warning" /L System

* Eventtriggers.exe

You can create triggers and consequent events with this tool.
So many options, it seems.
Pls see help for more info.

Examples from command help:

    EVENTTRIGGERS /Create /?
    EVENTTRIGGERS /Create /TR "Disk Cleanup" /L SYSTEM /T ERROR /TK c:\windows\system32\cleanmgr.exe
    EVENTTRIGGERS /Create /S system /U user /TR "Low Disk Space" /EID 4133 /T WARNING /TK \\srv\share\dsk.cmd
    EVENTTRIGGERS /Create /S system /U domain\user /P password /TR "Disk Backup" /EID 4133 /L SYSTEM /T ERROR /TK \\system\share\ntbackup.exe
    EVENTTRIGGERS /Create /RU user /RP password /TR "Disk Backup" /TK \\system\share\ntbackup.exe /EID 4
------------------------------------------------------------

HTH

Regards,
Kenji Yamamoto

--
DFASU (Digital Forest Advanced Security Unit)
Kenji Yamamoto, Security Consultant
[mailto: kyamamotoat_private]
[URL] http://www.digitalforest.ad.jp/

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Sun Mar 10 2002 - 21:52:12 PST