Firewall Wizards mailing list archives
Re: NT Log Files
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 30 Jul 1999 12:36:46 -0400
A while back there was a thread started by MJR, I believe, that included discussion of NT log files and the possible ways to monitor them. I searched the archive for info, but was unable to locate the thread.
Short summary: I got the O'Reilly book on NT logging and read it. It turns out that NT logs are stored with application-specific codings based on the DLLs that are installed on the system generating the logs. This is done for internationalization, so it makes sense but it's a pain. The only way to "resolve" the coded logs into text reliably is to do it on the machine where the logs were generated. My idea had been to push the logs to someplace else and then process them en masse. No dice.

There is a tool out there that resolves the logs into text and pushes them to "loghost" via UNIX syslog calls. There are a couple versions of such things floating around. One is
http://www.adiscon.com/EvntSLog/main.asp

There is a syslogd for NT
http://www.netal.com/SL4NT03.htm

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
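An added example, not part of the original post and not code from either tool linked above: a small Python model of why coded NT log records only resolve on the machine that wrote them, and of the resolve-then-forward approach the reply describes. The source names, event IDs, templates, host name and the simplified syslog line (no timestamp) are all constructed for illustration.

```python
import re

# Constructed stand-ins for the per-application message tables that live in
# DLLs on each machine. The origin host has both applications installed.
ORIGIN_TABLES = {
    "ExampleAuth": {2001: "Logon failure for user %1 from workstation %2."},
    "ExampleBackup": {1001: "Backup of volume %1 finished with status %2."},
}
# The central loghost only has one of those applications (and its DLL).
LOGHOST_TABLES = {"ExampleAuth": ORIGIN_TABLES["ExampleAuth"]}

# Constructed records: the log stores a source, an event ID and insertion
# strings, not the final text.
RECORDS = [
    {"source": "ExampleAuth", "event_id": 2001, "strings": ["alice", "WS-07"]},
    {"source": "ExampleBackup", "event_id": 1001, "strings": ["D:", "0"]},
]


def resolve(record, tables):
    """Return the readable text, or None if this host lacks the template."""
    template = tables.get(record["source"], {}).get(record["event_id"])
    if template is None:
        return None

    def substitute(match):
        index = int(match.group(1)) - 1
        strings = record["strings"]
        # Leave the placeholder visible if the record has too few strings.
        return strings[index] if 0 <= index < len(strings) else match.group(0)

    return re.sub(r"%(\d+)", substitute, template)


def to_syslog(record, text, host, facility=1, severity=5):
    """Build a simplified BSD-syslog-style line (priority, host, tag, text)."""
    priority = facility * 8 + severity
    return f"<{priority}>{host} {record['source']}[{record['event_id']}]: {text}"


def forward_from_origin(records, host="nt-origin"):
    """Resolve on the generating machine, then emit text lines for loghost."""
    return [to_syslog(r, resolve(r, ORIGIN_TABLES), host) for r in records]


def unresolved_on_loghost(records):
    """Records that would stay opaque if shipped raw and resolved centrally."""
    return [r for r in records if resolve(r, LOGHOST_TABLES) is None]


if __name__ == "__main__":
    print("\n".join(forward_from_origin(RECORDS)))
    print("opaque on loghost:", unresolved_on_loghost(RECORDS))
```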
Current thread:
- NT Log Files Buckley, Neil (Jul 30)
- Re: NT Log Files Marcus J. Ranum (Jul 30)