[Pauldotcom] Winxp event viewer
Dimitrios Kapsalis
dimitrios at gmail.com
Mon Nov 1 19:21:57 UTC 2010
Thanks everyone, will try these out!
Sent from my iPhone
On Nov 1, 2010, at 10:22 AM, Larry McDonald <larrymcdonald at uhost.org> wrote:
> I would say use Log Parser on the command line and run a nice select statement against the .evt file, or if you don't like the command line, use Event Log Explorer, filter on it, and export it to, say, a CSV or Excel or something and do what you want with it.
>
> On Mon, Nov 1, 2010 at 10:12 AM, Vincent Lape <vlape at me.com> wrote:
> You should be able to save the log files from the log viewer. If you want to try to convert them to syslog format you can try using Snare or Lasso. If you are looking to do some deep searching on the log data I would recommend downloading Splunk. You can have it pull the data off in several ways: WMI, NFS, or agent-based. They give a 500 MB/day index license away for free.
>
> On Oct 31, 2010, at 8:45 PM, Dimitrios Kapsalis <dimitrios at gmail.com> wrote:
>
> > It is. I was wondering if any tools exist to pull it from there.
> >
> > Sent from my iPad
> >
> > On Oct 31, 2010, at 7:37 PM, Vincent Lape <vlape at me.com> wrote:
> >
> >> Should be in the security event log if you have failures turned on.
> >>
> >> On Oct 31, 2010, at 2:11 PM, Dimitrios Kapsalis <dimitrios at gmail.com> wrote:
> >>
> >>> Hey all,
> >>>
> >>> One of my XP Home boxes is being brute-force scanned on the SSH port. Any way to interface with Event Viewer to harvest the source IP addresses and usernames the attackers are using?
> >>>
> >>> Sent from my iPhone
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> Pauldotcom at mail.pauldotcom.com
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
>
> --
> Larry McDonald
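An added example, not written by anyone in this thread, of the "export to CSV and do what you want with it" route Larry describes: a Python script that tallies failed-logon source addresses and usernames from a constructed CSV export of the Security log. It assumes the export has EventID and Message columns and that failure descriptions carry "User Name:" and "Source Network Address:" lines as XP's logon-failure event does; the column names and sample rows are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample of a CSV export of an XP Security log. The message layout
# follows XP's logon-failure event (ID 529); columns and rows are assumptions.
SAMPLE_CSV = """EventID,TimeGenerated,Message
529,2010-10-31 14:01:02,"Logon Failure:
 Reason: Unknown user name or bad password
 User Name: root
 Source Network Address: 203.0.113.7"
529,2010-10-31 14:01:05,"Logon Failure:
 Reason: Unknown user name or bad password
 User Name: admin
 Source Network Address: 203.0.113.7"
528,2010-10-31 14:05:00,"Successful Logon:
 User Name: dimitrios
 Logon Type: 2"
529,2010-10-31 14:07:09,"Logon Failure:
 Reason: Unknown user name or bad password
 User Name: root
 Source Network Address: 198.51.100.22"
"""

USER_RE = re.compile(r"User Name:\s*(\S+)")
ADDR_RE = re.compile(r"Source Network Address:\s*(\S+)")

def failed_logons(csv_text, failure_ids=("529",)):
    """Yield (source_ip, username) for every logon-failure row in the export."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] not in failure_ids:
            continue  # successful logons and unrelated events are skipped
        user = USER_RE.search(row["Message"])
        addr = ADDR_RE.search(row["Message"])
        # Console (local) failures carry no network address; keep them visible.
        yield (addr.group(1) if addr else "<local>",
               user.group(1) if user else "<unknown>")

def summarize(csv_text):
    """Tally failed attempts per source IP and per username (two Counters)."""
    by_ip, by_user = Counter(), Counter()
    for ip, user in failed_logons(csv_text):
        by_ip[ip] += 1
        by_user[user] += 1
    return by_ip, by_user

if __name__ == "__main__":
    ips, users = summarize(SAMPLE_CSV)
    print(ips.most_common(), users.most_common())
```

Whether SSH failures show up in the Security log at all depends on the SSH server authenticating against Windows accounts; if it keeps its own log, that is the file to feed in instead.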