Firewall Wizards mailing list archives

Re: NT Log Files


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 30 Jul 1999 12:36:46 -0400

A while back there was a thread started by MJR, I believe, that included
discussion of NT log files and the possible ways to monitor them.  I
searched the archive for info, but was unable to locate the thread.

Short summary:
        I got the O'Reilly book on NT logging and read it.

        It turns out that NT logs are stored with application specific
                codings based on the DLLs that are installed on the
                system generating the logs. This is done for
                internationalization, so it makes sense but it's a pain.
                The only way to "resolve" the coded logs into text reliably
                is to do it on the machine where the logs were generated.
                My idea had been to push the logs to someplace else and
                then process them en masse. No dice.

        There is a tool out there that resolves the logs into text
                and pushes them to "loghost" via UNIX syslog calls.
                There are a couple versions of such things floating
                around. One is http://www.adiscon.com/EvntSLog/main.asp

        There is a syslogd for NT http://www.netal.com/SL4NT03.htm


mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
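The approach the post describes (resolve the records to text on the host that generated them, then push them to a UNIX loghost via syslog) on a modern Windows system, as an added example; this is not code from the post or from either tool it links, and the loghost name is a placeholder:

```powershell
# Added example (not from the post or the tools it names): resolve Windows
# event log records to text on the generating host, then forward each record
# to a UNIX loghost as an RFC 3164 syslog line over UDP/514.
# Assumptions: PowerShell 5.1+ on the Windows host; $LogHost is a placeholder.
param(
    [string]$LogHost   = 'loghost.example.invalid',  # placeholder, set to your collector
    [int]   $LogPort   = 514,
    [string]$LogName   = 'System',
    [int]   $MaxEvents = 100
)

# Syslog facility local0 (16); severity mapped from the Windows level name.
$Facility = 16
$SeverityByLevel = @{
    'Critical'    = 2; 'Error'   = 3; 'Warning' = 4
    'Information' = 6; 'Verbose' = 7
}

function ConvertTo-SyslogLine {
    param($Event)
    $sev = $SeverityByLevel[$Event.LevelDisplayName]
    if ($null -eq $sev) { $sev = 5 }                  # unknown level -> notice
    $pri = $Facility * 8 + $sev
    # Message is resolved here, on this host, from the provider's registered
    # message DLL. If that DLL is missing, Get-WinEvent leaves Message empty
    # (the failure the post describes); fall back to the raw insertion
    # strings so the record is still forwarded rather than lost.
    $text = $Event.Message
    if ([string]::IsNullOrEmpty($text)) {
        $text = 'UNRESOLVED ' + (($Event.Properties | ForEach-Object { $_.Value }) -join ' | ')
    }
    $text = ($text -replace '\s+', ' ').Trim()        # one syslog line per record
    $ts   = $Event.TimeCreated.ToString('MMM dd HH:mm:ss')
    return "<$pri>$ts $($Event.MachineName) $($Event.ProviderName)[$($Event.Id)]: $text"
}

$udp = New-Object System.Net.Sockets.UdpClient
try {
    Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents | ForEach-Object {
        $line  = ConvertTo-SyslogLine $_
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($line)
        [void]$udp.Send($bytes, $bytes.Length, $LogHost, $LogPort)
    }
} finally {
    $udp.Close()
}
```

Run it on each Windows host, not on the loghost: the message text is only recoverable where the provider's message DLLs are installed, which is the constraint the post points out.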