Hi Gord,

You can use a boot-time file replacement tool to replace an empty event log file with a saved full log. If you're testing a log collection system then this is probably your best bet for simulating real-world variety in the log.

Here in Microsoft we use scripts or other tools to create the specific events we want by causing the auditable condition. The normal event log API [ReportEvent()] does NOT support the security log.

Eric Fitzgerald
Program Manager, Windows Auditing
Microsoft Corporation

-----Original Message-----
From: loganalysis-bounces+ericf=windows.microsoft.com@private [mailto:loganalysis-bounces+ericf=windows.microsoft.com@private] On Behalf Of gord.taylor@private
Sent: Thursday, July 15, 2004 10:54 AM
To: loganalysis@private
Subject: [logs] Tool for generating Windows Security Events

Does anyone know of a tool I can use to generate a high volume of Windows Security Event entries on a Windows 2000 or 2003 box?

I want to be able to generate a high volume of security events to test log collection tool capacity. I know I could do this by doing failed logins or something similar, but since most collection tools can aggregate data I'd rather not generate thousands of the same event, but rather have them in a "pseudo-random" or at least a more realistic order as they would appear in production.

Unfortunately, some of the tools I'm evaluating look at the Security Event log only, so I can't just create a bunch of custom/random events in the Application log using LOGEVENT.EXE or similar tools..

Any help would be appreciated...

Thanks
Gord T.

------------------------------------------------------------
This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Mon Jul 26 2004 - 14:57:54 PDT