There are plenty of freeware options available for rotating EventLogs. The NTSyslog/Kiwi Syslog server is a good one that I've been testing out.

Another is Perl. Using ActiveState's ActivePerl, I've written scripts for retrieving EventLog entries. Go to: http://patriot.net/~carvdawg/perl.html and check out dumpevt.pl. This script uses Win32::Lanman and Win32::Perms to retrieve the EventLog entries, as well as the audit policy, in .csv format.

I've also written other scripts in the past that will comb an infrastructure for EventLog entries on all of the servers, write those entries to a spreadsheet (using Spreadsheet::WriteExcel, which produces a binary file compatible w/ Excel), w/ a separate worksheet for each type of log.

Also on the web page above is a script called WmiEvt.pl, which implements WMI in Perl to watch for new events to be generated. This is a suitable skeleton for a full-blown syslog client (add Win32::Daemon to make it a service, and Net::Syslog to generate the events to syslog), in that it uses no polling whatsoever.
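
The event-driven forwarder described above, as an added example (it is not the WmiEvt.pl script from the post): it subscribes to new Win32_NTLogEvent records through WMI and relays each one with Net::Syslog. The collector address, facility, program name, length limit and the EventType-to-priority mapping are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: WMI event subscription -> syslog, no polling of the logs.
use strict;
use warnings;
use Win32::OLE;
use Net::Syslog;

# Assumptions (placeholders): collector address, facility, program name.
my $SYSLOG_HOST = '192.0.2.10';
my $FACILITY    = 'local4';
my $PROGRAM     = 'eventlog';

# Win32_NTLogEvent.EventType -> syslog priority name (mapping chosen here):
# 1 Error, 2 Warning, 3 Information, 4 Audit Success, 5 Audit Failure.
my %PRIORITY = (1 => 'err', 2 => 'warning', 3 => 'info',
                4 => 'notice', 5 => 'warning');

# Build one single-line message per record. CR/LF and other control
# characters are collapsed so an event cannot inject extra syslog lines.
sub format_record {
    my ($rec) = @_;
    my $msg = defined $rec->{Message} ? $rec->{Message} : '(no message text)';
    $msg =~ s/[\x00-\x1f\x7f]+/ /g;
    $msg =~ s/\s+$//;
    my $line = sprintf '%s: %s[%d] %s: %s', $rec->{Logfile},
        $rec->{SourceName}, $rec->{EventCode}, $rec->{Type}, $msg;
    return substr($line, 0, 900);   # stay under the 1024-byte BSD syslog limit
}

# "(Security)" enables the privilege needed to receive Security log events.
my $wmi = Win32::OLE->GetObject(
    'winmgmts:{impersonationLevel=impersonate,(Security)}!//./root/cimv2')
    or die 'WMI connect failed: ' . Win32::OLE->LastError() . "\n";

# WMI delivers an __InstanceCreationEvent for each record written to any log.
my $source = $wmi->ExecNotificationQuery(
    'SELECT * FROM __InstanceCreationEvent ' .
    "WHERE TargetInstance ISA 'Win32_NTLogEvent'")
    or die 'Subscription failed: ' . Win32::OLE->LastError() . "\n";

my $syslog = Net::Syslog->new(Name => $PROGRAM, Facility => $FACILITY,
                              SyslogHost => $SYSLOG_HOST);

while (1) {
    my $event = $source->NextEvent() or next;   # blocks until an event arrives
    my $rec   = $event->{TargetInstance};
    my $prio  = $PRIORITY{ $rec->{EventType} || 3 } || 'info';
    $syslog->send(format_record($rec), Priority => $prio);
}
```

Net::Syslog sends over UDP, so delivery is unacknowledged; the local EventLog remains the authoritative copy.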
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 08:34:28 PDT