PaulDotCom mailing list archives

Re: Winxp event viewer


From: Dimitrios Kapsalis <dimitrios () gmail com>
Date: Mon, 1 Nov 2010 14:21:57 -0500

Thanks everyone, will try these out!

Sent from my iPhone

On Nov 1, 2010, at 10:22 AM, Larry McDonald <larrymcdonald () uhost org> wrote:

I would say use Logparser on the command line and run a nice select statement against the evt file, or if you don't like the command line, use Event Log Explorer and filter on it, and you can export it to, say, a CSV or Excel or something and do what you want with it.

On Mon, Nov 1, 2010 at 10:12 AM, Vincent Lape <vlape () me com> wrote:
You should be able to save the log files from the log viewer. If you want to try to convert them to syslog format you can try using Snare or LASSO. If you are looking to do some deep searching on the log data I would recommend downloading Splunk. You can have it pull the data off in several ways: WMI, NFS, or agent based. They give a 500 MB/day index license away for free.




On Oct 31, 2010, at 8:45 PM, Dimitrios Kapsalis <dimitrios () gmail com> wrote:

It is. I was wondering if any tools exist to pull it from there.

Sent from my iPad

On Oct 31, 2010, at 7:37 PM, Vincent Lape <vlape () me com> wrote:

Should be in the security event log if you have failures turned on.



On Oct 31, 2010, at 2:11 PM, Dimitrios Kapsalis <dimitrios () gmail com> wrote:

Hey all,

One of my XP Home boxes is being brute-force scanned on the SSH port. Any way to interface with Event Viewer to harvest source IP addresses and usernames attackers are using?



Sent from my iPhone
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



-- 
Larry McDonald
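Added example, not part of the original thread: once the events have been exported to CSV as suggested above, a short script can tally the source addresses and usernames from the failed attempts. The column names, the OpenSSH-style message text and the sample rows are assumptions constructed for illustration; adjust them to what the export actually contains.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample export. Column names are assumptions; the Message text
# assumes OpenSSH-style sshd log lines. Addresses are documentation ranges.
SAMPLE_CSV = '''\
Date,Source,EventID,Message
2010-10-31 13:58:01,sshd,0,"sshd: PID 412: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2"
2010-10-31 13:58:04,sshd,0,"sshd: PID 413: Failed password for root from 203.0.113.7 port 40115 ssh2"
2010-10-31 14:02:10,sshd,0,"sshd: PID 420: Failed password for invalid user oracle from 198.51.100.23 port 51022 ssh2"
2010-10-31 14:05:33,sshd,0,"sshd: PID 431: Accepted password for alice from 192.0.2.10 port 50111 ssh2"
2010-10-31 14:06:00,sshd,0,"sshd: PID 440: Failed password for invalid user test from 10.0.0.1 port 22 from 203.0.113.7 port 40120 ssh2"
'''

# The username is supplied by the remote client and may contain spaces or a
# fake " from <ip> port <n>" string. The greedy user group plus the end-of-line
# anchor make the parser take the last address, which sshd itself wrote.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)


def harvest(csv_text, message_column="Message"):
    """Return (ip_counts, user_counts) for failed SSH password attempts."""
    ips, users = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = FAILED.search(row.get(message_column) or "")
        if match is None:
            continue  # successful logons and unrelated events are skipped
        ips[match.group("ip")] += 1
        users[match.group("user")] += 1
    return ips, users


if __name__ == "__main__":
    ip_counts, user_counts = harvest(SAMPLE_CSV)
    for ip, count in ip_counts.most_common():
        print(f"{count:5d}  {ip}")
    for user, count in user_counts.most_common():
        print(f"{count:5d}  {user!r}")
```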