Firewall Wizards mailing list archives

RE: NT log file format?


From: dbovee () inetsec com (David Bovee)
Date: Thu, 25 Mar 1999 22:27:49 -0800

If you're talking about the NT event log, O'Reilly published a book on this
very subject. Included with the book are example sources in C, Perl, and
other scripting languages. I haven't reviewed them recently and your
question was fairly broad, but I do have the book so feel free to pose a
more specific question and I will look it up for ya!  ;)

As far as what the other poster mentioned about event log codes, 'tis true.
However, this can be handled in a fairly simple way--several vendors (MS
included) have databases or flat files containing an index of those event
codes. Concatenate a few of those and you will likely have yourself a
comprehensive list of events. Those missing may relate only to some obscure
applications, about which you may not care to begin with. I can also dig
out the pointer to the MS provided database of event codes if you need it.

In terms of viewing these on Unix, I've done it. Again, you need to parse
your data and trap what you are interested in, based in part on some
repository of event codes. Where you view your data is irrelevant (assuming
you are willing to view them outside of the native Event Viewer).

-David


-----Original Message-----
From: owner-firewall-wizards () nfr net
[mailto:owner-firewall-wizards () nfr net]On Behalf Of Marcus J. Ranum
Sent: Thursday, March 25, 1999 9:31 AM
To: firewall-wizards () nfr net
Subject: NT log file format?


Anyone got any pointers to C code for dissecting NT log
file formats under UNIX? Or is that pretty much an insane/inane
idea?

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
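
A worked dissector for what Marcus asks about, added here as an example; it is not code from the O'Reilly book David mentions, nor anything posted in this thread. It parses one NT 4 event log record (the EVENTLOGRECORD layout from winnt.h, which is what an .evt file is a sequence of) with bytewise little-endian reads so it builds and runs on any Unix, checks the record framing before trusting any offset, and looks the event code up in a small table that stands in for the vendor event-code databases David describes. The sample record (event 529 from a host called NTSRV1), the table contents, and every function name are constructed for this illustration.

```c
/* Added example, not code from the post or the O'Reilly book it cites: dissect an NT 4
 * event log (.evt) record on Unix.  Sample record and event-code table are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define EVT_SIG       0x654c664cUL   /* "LfLe" read as a little-endian DWORD */
#define EVT_FIXED_HDR 56             /* fixed part of EVENTLOGRECORD, in bytes */

struct evt_record {
    uint32_t length, record_number, time_generated, time_written, event_id;
    uint16_t event_type, num_strings, category;
    uint32_t string_offset, sid_length, sid_offset, data_length, data_offset;
    char source[64], computer[64], first_string[128];
};

/* .evt data is little-endian; n-byte reads/writes done bytewise also work on big-endian Unix. */
static uint32_t rd(const unsigned char *p, int n) { uint32_t v = 0; while (n--) v = v << 8 | p[n]; return v; }
static void wr(unsigned char *p, uint32_t v, int n) { while (n--) { *p++ = (unsigned char)v; v >>= 8; } }
static unsigned char *put_utf16(unsigned char *p, const char *s) {   /* ASCII -> UTF-16LE + NUL */
    do { *p++ = (unsigned char)*s; *p++ = 0; } while (*s++);
    return p;
}

/* Copy the NUL-terminated UTF-16LE string at buf[off] to ASCII ('?' for non-ASCII units).
 * Returns the offset just past the terminator, or 0 if it runs off the end of the record. */
static size_t get_utf16(const unsigned char *buf, size_t len, size_t off, char *out, size_t outsz) {
    size_t n = 0;
    for (; off + 1 < len; off += 2) {
        uint16_t cu = (uint16_t)rd(buf + off, 2);
        if (cu == 0) { out[n] = '\0'; return off + 2; }
        if (n + 1 < outsz) out[n++] = cu < 0x80 ? (char)cu : '?';
    }
    return 0;
}

/* Parse one record at buf.  Returns 0, or -1 when the framing is inconsistent. */
int evt_parse_record(const unsigned char *buf, size_t len, struct evt_record *r) {
    size_t off;
    memset(r, 0, sizeof *r);
    if (len < EVT_FIXED_HDR + 4 || rd(buf + 4, 4) != EVT_SIG) return -1;      /* no "LfLe" */
    r->length = rd(buf, 4);
    if (r->length < EVT_FIXED_HDR + 4 || r->length > len || rd(buf + r->length - 4, 4) != r->length)
        return -1;                                     /* Length is repeated as the last DWORD */
    r->record_number = rd(buf + 8, 4);  r->time_generated = rd(buf + 12, 4);  /* seconds since 1970 */
    r->time_written = rd(buf + 16, 4);  r->event_id = rd(buf + 20, 4);
    r->event_type = (uint16_t)rd(buf + 24, 2);  r->num_strings = (uint16_t)rd(buf + 26, 2);
    r->category = (uint16_t)rd(buf + 28, 2);    r->string_offset = rd(buf + 36, 4);
    r->sid_length = rd(buf + 40, 4);    r->sid_offset = rd(buf + 44, 4);
    r->data_length = rd(buf + 48, 4);   r->data_offset = rd(buf + 52, 4);
    /* Offsets are relative to the record start and must stay inside it. */
    if (r->string_offset > r->length || r->sid_offset > r->length || r->data_offset > r->length ||
        r->sid_length > r->length - r->sid_offset || r->data_length > r->length - r->data_offset)
        return -1;
    off = get_utf16(buf, r->length, EVT_FIXED_HDR, r->source, sizeof r->source);   /* SourceName */
    if (off) off = get_utf16(buf, r->length, off, r->computer, sizeof r->computer); /* Computername */
    if (!off) return -1;
    if (r->num_strings && !get_utf16(buf, r->length, r->string_offset, r->first_string, sizeof r->first_string))
        return -1;
    return 0;
}

const char *evt_type_name(uint16_t t) {   /* EVENTLOG_* type bits */
    return t == 1 ? "Error" : t == 2 ? "Warning" : t == 4 ? "Information"
         : t == 8 ? "Audit Success" : t == 16 ? "Audit Failure" : "Unknown";
}

/* Constructed stand-in for the vendor event-code databases: a few NT 4 Security-log codes.
 * Event Viewer shows only the low 16 bits of EventID; the upper bits carry severity/facility. */
static const struct { uint16_t code; const char *desc; } evt_codes[] = {
    { 528, "Successful Logon" }, { 529, "Logon Failure: Unknown user name or bad password" },
    { 538, "User Logoff" },      { 612, "Audit Policy Change" },
};
const char *evt_describe(uint32_t event_id) {
    size_t i;
    for (i = 0; i < sizeof evt_codes / sizeof evt_codes[0]; i++)
        if (evt_codes[i].code == (event_id & 0xffff)) return evt_codes[i].desc;
    return "(not in event-code database)";
}

/* Constructed Security-log record (event 529, Audit Failure) in the on-disk layout. */
size_t evt_build_sample(unsigned char *buf, size_t bufsz) {
    unsigned char *p; uint32_t len, str_off;
    if (bufsz < 128) return 0;
    memset(buf, 0, bufsz);
    p = put_utf16(put_utf16(buf + EVT_FIXED_HDR, "Security"), "NTSRV1"); /* SourceName, Computername */
    str_off = (uint32_t)(p - buf);
    p = put_utf16(put_utf16(p, "mjr"), "NFR");            /* insertion strings: user name, domain */
    while ((p - buf) % 4) *p++ = 0;                       /* pad to a DWORD boundary */
    len = (uint32_t)(p - buf) + 4;                        /* plus the trailing Length copy */
    wr(buf, len, 4); wr(buf + 4, EVT_SIG, 4); wr(buf + 8, 1001, 4);      /* Length, "LfLe", RecordNumber */
    wr(buf + 12, 922500000, 4); wr(buf + 16, 922500000, 4);             /* 1999-03-26 02:00:00 UTC */
    wr(buf + 20, 529, 4); wr(buf + 24, 16, 2); wr(buf + 26, 2, 2); wr(buf + 28, 2, 2); /* id, Audit Failure, 2 strings, Logon/Logoff */
    wr(buf + 36, str_off, 4); wr(buf + 44, str_off, 4); wr(buf + 52, len - 4, 4);     /* string/SID/data offsets; SID, data empty */
    wr(buf + len - 4, len, 4);
    return len;
}

int main(void) {
    unsigned char buf[128]; struct evt_record r; char ts[32]; time_t t;
    size_t n = evt_build_sample(buf, sizeof buf);
    if (evt_parse_record(buf, n, &r) != 0) { fputs("bad record\n", stderr); return 1; }
    t = r.time_generated; strftime(ts, sizeof ts, "%Y-%m-%d %H:%M:%S", gmtime(&t));
    printf("#%u %s %s id=%u (%s) src=%s host=%s user=%s\n", (unsigned)r.record_number, ts,
           evt_type_name(r.event_type), (unsigned)(r.event_id & 0xffff), evt_describe(r.event_id),
           r.source, r.computer, r.first_string);
    return 0;
}
```

Two things worth noting for anyone turning this into a file walker. TimeGenerated and TimeWritten are plain seconds since 1970, so they feed straight into gmtime() with no FILETIME conversion, which makes the Unix side of this easier than the format's reputation suggests. And a real .evt file is not just concatenated records: it opens with a 48-byte file header whose start and end offsets say where the oldest and newest records sit, and the log is circular, so a reader has to follow those offsets and cope with a record that wraps from the end of the file back to just past the header rather than scanning linearly from byte 48.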



