Firewall Wizards mailing list archives

Re: NT log file format?

From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Thu, 25 Mar 1999 12:53:07 -0800

Anyone got any pointers to C code for dissecting NT log
file formats under UNIX? Or is that pretty much an insane/inane
idea?


The hard part about NT log files is that the event ID is stored
as a number, and that number is pulled out of files on the NT
box when it's viewed.  So for example, if you install an application
that logs to one of the NT logs, it will also install the files that are
used to look up event IDs in.

The end result is that if one views the logs elsewhere, one
doesn't always get a description of what the event is, because
those files aren't on the system where the logs are being viewed.
This makes in challenging to view logs on a different NT box,
let alone a unix box.

If you're looking a limited set of events, you could make your own
map by hand.

                         Ryan

Current thread:

NT log file format? Marcus J. Ranum (Mar 25)
- Re: NT log file format? Paul M. Cardon (Mar 25)
- RE: NT log file format? David Bovee (Mar 26)
- <Possible follow-ups>
- Re: NT log file format? Ryan Russell (Mar 25)
  - Re: NT log file format? Joseph S D Yao (Mar 26)
  - Re: NT log file format? davi (Mar 26)
  - Re: NT log file format? sedwards (Mar 26)
- RE: NT log file format? Choi, Byoung (Mar 25)
- Re: NT log file format? Lart (Mar 26)
- Re: NT log file format? ark (Mar 26)
  - Re: NT log file format? David Gillett (Mar 26)
- RE: NT log file format? Kenneth_W_Fox (Mar 26)