Hi all..

many thanks to everyone who's responded. I received many tips on how this can be accomplished...basically I've gathered 4 ways...

1. Snare (or similar agents) sending to syslog...the kewl thing is that Intersect Alliance has provided a couple scripts that will allow you to install Snare onto remote machines in your domain...

2. DumpEvt...this is actually a pretty good way as you can dump logs from local and remote machines and format it the way you want it to...only thing is this is not real-time, so if you are looking for real-time, this is not the solution; however, in my case, I was not looking for real-time...

3. Win32::EventLog...works pretty good, since you can write your own script to do stuff, you can be flexible in what you want to keep or discard...not real-time...but you can easily write something that does what DumpEvt does with the added benefit of dumping the events to syslog...and still be agentless

4. Win32::OLE using WMI...pro'ly the most flexible solution, it can monitor for new log entries...so it can be a real-time solution.. plus you have the flexibility of deciding what you want to do with the log once you receive it...send to syslog, discard, etc...however, I have read that this is pretty resource intensive...have not tested this approach to its limit tho...

again, thanks for the response and tips...

Jian

Jian Zhen (jlz@private) [040726 15:34]:
> Hi everyone,
>
> Was wondering if anyone has written anything to remotely collect windows
> logs.
>
> I wrote a couple perl scripts (ActivePerl), one using Win32::EventLog and
> the other using Win32::OLE (WMI). Both of them work fine on the local
> machine but I am having a bit of trouble getting it to work for remote
> machines.
>
> According to (search results from) Google, there's a Win32::OLE method called
> "ConnectServer" in which one can use to connect to remote machines, but
> I haven't been able to find any examples on using that with collecting
> logs.
>
> If you have any insight into this, I would love to chat with you.
>
> Thanks in advance
>
> Jian
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis

This archive was generated by hypermail 2.1.3 : Fri Jul 30 2004 - 21:28:34 PDT
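
The remote WMI approach from item 4, using the `ConnectServer` method the original question asks about, shown as an added example that is not code from the thread's participants. The host, account, `WMI_PASS` environment variable and syslog server are placeholders, and the script polls a one-hour window rather than subscribing to new events.

```perl
#!/usr/bin/perl
# Added example (Windows, ActivePerl): pull recent Security events from a
# remote host over WMI and forward them to syslog. All names are placeholders.
use strict;
use warnings;
use Win32::OLE qw(in);
use IO::Socket::INET;
use POSIX qw(strftime);

my $host        = 'WINHOST01';            # placeholder remote machine
my $user        = 'EXAMPLE\\logreader';   # placeholder account with log-read rights
my $pass        = $ENV{WMI_PASS};         # keep the password out of the script
my $syslog_host = 'loghost.example.com';  # placeholder syslog server

# WMI EventType -> syslog severity: error, warning, info, audit ok, audit fail
my %severity = (1 => 3, 2 => 4, 3 => 6, 4 => 6, 5 => 4);

my $locator = Win32::OLE->new('WbemScripting.SWbemLocator')
    or die 'SWbemLocator: ' . Win32::OLE->LastError();
# Reading the Security log requires this privilege on the connection.
$locator->{Security_}->{Privileges}->AddAsString('SeSecurityPrivilege', 1);

# ConnectServer(server, namespace, user, password). Explicit credentials are
# only accepted for remote hosts; omit them when $host is the local machine.
my $wmi = $locator->ConnectServer($host, 'root\\cimv2', $user, $pass)
    or die "ConnectServer($host): " . Win32::OLE->LastError();

# Limit the pull to the last hour (DMTF datetime in UTC).
my $since = strftime('%Y%m%d%H%M%S.000000+000', gmtime(time - 3600));
my $events = $wmi->ExecQuery(
    "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' "
  . "AND TimeGenerated >= '$since'")
    or die 'ExecQuery: ' . Win32::OLE->LastError();

my $sock = IO::Socket::INET->new(
    PeerAddr => $syslog_host, PeerPort => 514, Proto => 'udp')
    or die "syslog socket: $!";

foreach my $e (in $events) {
    my $msg = defined $e->{Message} ? $e->{Message} : '';
    $msg =~ s/\s+/ /g;     # collapse CR/LF so one event stays one syslog line
    (my $tag = $e->{SourceName}) =~ tr/ /_/;
    my $pri = 16 * 8 + ($severity{ $e->{EventType} } || 6);   # facility local0
    my $line = sprintf '<%d>%s[%d]: host=%s time=%s record=%d %s',
        $pri, $tag, $e->{EventCode}, $e->{ComputerName},
        $e->{TimeGenerated}, $e->{RecordNumber}, $msg;
    $sock->send(substr($line, 0, 1024));   # classic syslog datagram limit
}
```

The receiving syslog daemon stamps arrival time and sender address itself; the original event time and computer name travel in the message body.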