Just to add to the list... EvLog: http://www.altairtech.ca/evlog/, a freeware that can be used to retrive remote event logs and put them in HTML format with links to www.eventid.net. It can be scheduled with MS Task Scheduler (so it can be as realtime as other agents using a polling interval). Regards, Adrian Grigorof www.altairtech.ca www.firegen.com -----Original Message----- From: loganalysis-bounces+jlancaster=sagiss.com@private [mailto:loganalysis-bounces+jlancaster=sagiss.com@private] On Behalf Of Jian Zhen Sent: Friday, July 30, 2004 1:31 PM To: loganalysis@private Subject: Re: [logs] collecting remote windows logs Hi all.. many thanks to everyone who's responded. I received many tips on how this can be accomplished...basically i've gathered 4 ways... 1. Snare (or similar agents) sending to syslog...the kewl thing is that Intersect Alliance has provided a couple scripts that will allow you to install Snare onto remote machines in your domain... 2. DumpEvt...this is actually a pretty good way as you can dump logs from local and remote machines and format it the way you want it to...only thing is this is not real-time, so if you are looking for real-time, this is not the solution; however, in my case, I was not looking for real-time... 3. Win32::EventLog...works pretty good, since you can write your own script to do stuff, you can be flexible in what you want to keep or discard...not real-time...but you can easily write something that does what DumpEvt does with the added benefit of dumping the events to syslog...and still be agentless 4. Win32::OLE using WMI...pro'ly the most flexible solution, it can monitor for new log entries...so it can be a real-time solution.. plus you have the flexibility of deciding what you want to do with the log once you receive it...send to syslog, discard, etc...however, i have read that this is pretty resource intensive...have not tested this approach to its limit tho... again, thanks for the response and tips... Jian Jian Zhen (jlz@private) [040726 15:34]: > Hi everyone, > > Was wondering if anyone has written anything to remotely collect windows > logs. > > I wrote a couple perl scripts (ActivePerl), one using Win32::EventLog and > the other using Win32::OLE (WMI). Both of them work fine on the local > machine but I am having a bit of trouble getting it to work for remote > machines. > > According to (search results from) Google, there's a Win32::OLD method called > "ConnectServer" in which one can use to connect to remote machines, but > I haven't been able to find any examples on using that with collecting > logs. > > If you have any insight into this, I would love to chat with you. > > Thanks in advance > > Jian > > _______________________________________________ > LogAnalysis mailing list > LogAnalysis@private > http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Sep 02 2004 - 12:29:30 PDT