On 5/24/05, josh at joshwelch.com <josh at joshwelch.com> wrote: > I have fooled around with doing Windows logging using Snare, > http://www.intersectalliance.com/projects/SnareWindows/index.html. It is > interesting, but I really need to spend more time with understanding windows > events in order to get something valuable out of the data. It seems like > Windows is willing to give you lots of information, but trying to parse it in a > sane fashion is non-trivial. http://www.eventid.net is invaluable.