Hey Tina!

> For years one of my *favorite* parts of Microsoft logging is that
> event IDs *have* remained consistent across versions of the operating
> systems...
> What's the plan for heterogeneous Windows environments?

We almost always kept the same event IDs from version to version pre-Vista. The problem was that the tools didn't do well correlating events or finding a subset of events with a similar characteristic so we'd either split an event ID into two, or combine two into one, depending on which problem was being complain^h^h^h emphasized more at the time.

However we did a whole bunch of event cleanup in Vista and the resulting events were different enough from their pre-Vista equivalents to break automation. So we had to renumber, to save you.

But I knew that folks like you on this list would want to leverage your pre-Vista knowledge instead of memorizing 300-odd new events. So here is my New Year's gift to all of you.

For almost all security log events,

    EventId(Vista) = EventId(PreVista) + 4096

You can do it in your head: add 4000, add 100, subtract 4. 528 --> 4624, etc.

Best regards,
Eric

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
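The renumbering rule above, applied to events collected from a mixed pre-Vista/Vista fleet so that one detection rule covers both, as an added example that is not part of the original post. The record fields, function names and the override entries (for events that were merged or moved rather than shifted) are assumptions of this example and do not come from the message.

```python
"""Normalize Windows Security event IDs from mixed pre-Vista / Vista+ hosts."""

OFFSET = 4096  # rule from the post: EventId(Vista) = EventId(PreVista) + 4096

# "Almost all" is not "all": events that were merged or moved need explicit
# entries. These overrides are NOT from the post; verify them against
# Microsoft's event documentation before relying on them.
OVERRIDES = {
    **{old: 4625 for old in (*range(529, 538), 539)},  # logon failures merged
    540: 4624,  # network logon folded into the general logon event
    517: 1102,  # audit log cleared
}

def to_vista_id(event_id, pre_vista):
    """Return the Vista-era ID for a Security log event."""
    if not pre_vista:
        return event_id  # already in the new numbering
    return OVERRIDES.get(event_id, event_id + OFFSET)

def normalize(events):
    """Yield copies of events with a 'canonical_id' field added.

    Each event is a dict with 'host', 'os_major' (5 = 2000/XP/2003,
    6 or higher = Vista and later) and 'event_id'.
    """
    for ev in events:
        pre_vista = ev["os_major"] < 6
        yield {**ev, "canonical_id": to_vista_id(ev["event_id"], pre_vista)}

def count_by_id(events):
    """Count events per canonical ID across the whole fleet."""
    counts = {}
    for ev in normalize(events):
        counts[ev["canonical_id"]] = counts.get(ev["canonical_id"], 0) + 1
    return counts

# Constructed sample records (hypothetical hosts), not real log data.
SAMPLE = [
    {"host": "xp-01", "os_major": 5, "event_id": 528},
    {"host": "vista-01", "os_major": 6, "event_id": 4624},
    {"host": "srv2003-01", "os_major": 5, "event_id": 529},
    {"host": "srv2003-01", "os_major": 5, "event_id": 534},
    {"host": "vista-01", "os_major": 6, "event_id": 4625},
    {"host": "xp-01", "os_major": 5, "event_id": 540},
]

if __name__ == "__main__":
    print(count_by_id(SAMPLE))
```

Keying the conversion on the reporting host's OS version rather than on the numeric range of the ID avoids shifting Vista-era events that happen to carry low IDs.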
This archive was generated by hypermail 2.1.3 : Mon Jan 15 2007 - 17:41:29 PST