It's not part of Windows Server 2003- it's part of Longhorn, our next release. I tried to get it into W2K3 but it's just not ready yet. We have preliminary code running internally and the results are very promising. Replacing the event log requires months, perhaps years, of run time internally under stress before we'd release it as part of the OS. Eric -----Original Message----- From: Rainer Gerhards [mailto:rgerhardsat_private] Sent: Monday, January 20, 2003 11:20 AM To: Eric Fitzgerald; Frank O'Dwyer; Paul D. Robertson Cc: H C; loganalysisat_private; Tina Bird; Marcus J. Ranum; Ben Laurie Subject: RE: [logs] RE: NT Event Log and Web Server Attacks Hi Eric, Is the new stuff already available in some beta or preview of Windows Server 2003? Rainer Gerhards Adiscon > -----Original Message----- > From: Eric Fitzgerald [mailto:ericfat_private] > Sent: Monday, January 20, 2003 8:18 PM > To: Frank O'Dwyer; Paul D. Robertson > Cc: H C; Rainer Gerhards; loganalysisat_private; Tina > Bird; Marcus J. Ranum; Ben Laurie > Subject: RE: [logs] RE: NT Event Log and Web Server Attacks > > > Hi Frank, > > Current event log APIs will continue to work, is what I am > told, but will be wrappers around the new API set. The > on-disk log format will be different. > > Eric > > -----Original Message----- > From: Frank O'Dwyer [mailto:fodat_private] > Sent: Monday, January 20, 2003 11:07 AM > To: Eric Fitzgerald; Paul D. Robertson > Cc: H C; Rainer Gerhards; loganalysisat_private; Tina > Bird; Marcus J. Ranum; Ben Laurie > Subject: RE: [logs] RE: NT Event Log and Web Server Attacks > > > How about stuff like OpenEventLog, ReadEventLog, > EVENTLOGRECORD - will these continue to work, and/or have new > equivalents? > > Cheers, > Frank > > > -----Original Message----- > > From: Eric Fitzgerald [mailto:ericfat_private] > > Sent: 20 January 2003 19:00 > > To: Frank O'Dwyer; Paul D. Robertson > > Cc: H C; Rainer Gerhards; loganalysisat_private; Tina Bird; > > Marcus J. Ranum; Ben Laurie > > Subject: RE: [logs] RE: NT Event Log and Web Server Attacks > > > > > > The new service will be 100% backwards compatible with the existing > > Event Log service APIs, and some of the capabilities of the new > > service will be available even to apps that use legacy > eventing APIs, > > but you'll have to change API calls to take full advantage > of all the > > features of the new service. > > > > Eric > > > > -----Original Message----- > > From: Frank O'Dwyer [mailto:fodat_private] > > Sent: Monday, January 20, 2003 10:56 AM > > To: Eric Fitzgerald; Paul D. Robertson > > Cc: H C; Rainer Gerhards; loganalysisat_private; Tina Bird; > > Marcus J. Ranum; Ben Laurie > > Subject: RE: [logs] RE: NT Event Log and Web Server Attacks > > > > > > > We have something up our sleeve but I don't want to over-promise & > > > under-deliver. Look for a significant audit collection > and analysis > > > > tool from us this summer, and a completely replaced event log > > > service with some really neat analysis capabilities in the next > > > version of Windows. > > > > What will this mean to users of the current APIs? > > > > Both analysers and ordinary programs doing logging? > > > > Cheers, > > Frank > > > > > > > > _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 14:13:14 PST