Re: Auditing XP event security logs

["Jon Wallace" <security () b69ca com>]

Hey Gary,

Check out the PSTOOLS from SysInternals - http://www.sysinternals.com (a 
free collection of tools).  One of the tools PSLOGLIST.EXE allows you to 
view the event logs of a machine, either locally or remotely.  It would be 
possible to schedule this from one machine to routinely bring all your logs 
together.

You can also filter the events you want with this tool and have the option 
to clear the log when you have finished.

Give it a whirl, good luck.

Regards,
Jon Wallace

----- Original Message ----- 
From: "Gary Collis" <onesl1fox () 27 eclipse co uk>
To: <security-basics () securityfocus com>
Sent: Wednesday, November 29, 2006 12:46 PM
Subject: Auditing XP event security logs


> Hi List,
>
> I am aiming to monitor the useage of local admin accounts that I have set 
> up on 40 machines. I have turned on auditng for the machines via group 
> policy, and events seem to be logging OK. However I would like to 
> automatically consolidate the logs into one central location, possibly an 
> SQL database for ease of reference and historical purposes, and if 
> possible produce some stats from them ( in a graph if possible, for 
> management) e.g amount of times logged in on a particular day/week etc.
>
> Does anyone know of any tools that can help me achieve this? Ideally I am 
> looking for free tools.
>
> Thanks,