Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NT log file format?

From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Thu, 25 Mar 1999 18:10:43 -0500 (EST)
Anyone got any pointers to C code for dissecting NT log
file formats under UNIX? Or is that pretty much an insane/inane
idea?


The hard part about NT log files is that the event ID is stored
as a number, and that number is pulled out of files on the NT
box when it's viewed.  So for example, if you install an application
that logs to one of the NT logs, it will also install the files that are
used to look up event IDs in.


This table is available in some documentation, either hardcopy or on a
CD ROM.  I remember I pulled it out for a security breach emulator (for
a class).  That code is owned by a USG group that ... doesn't exist any
more.  And I don't have it.  But at least you know that the information
exists.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-A/B
-----------------------------------------------------------------------
        PLEASE ... send or Cc: all "COSPO/OSIS Computer Support"
                     mail to sys-adm () cospo osis gov
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
Previous By Date Next
Previous By Thread Next

Current thread: