Back in the day, when NT was new, the resource kit contained a book with most of the codes for the Event/Sys log on Windows. Some of it was good, some of it was not as good, and some was not so good.

Sam.

josh at joshwelch.com wrote:

>Quoting "Troy.A Johnson" <troy.johnson at health.state.mn.us>:
>
>>Greetings TCLUG People!
>>
>>Since there are many intelligent and security minded
>>folks here, and the instructions involve a Linux syslog
>>server, I thought I would ask you what you think of this
>>little page I wrote up:
>>
>>http://troy.jdmz.net/syslogwin/
>>
>>...and, I wondered how any syslog wizards here deal
>>with the logs after they have accumulated. I have lots
>>of valuable information, just no great way of reporting
>>it yet. :-/
>>
>>Have a great day,
>>
>>Troy
>
>I have fooled around with doing Windows logging using Snare,
>http://www.intersectalliance.com/projects/SnareWindows/index.html. It is
>interesting, but I really need to spend more time with understanding Windows
>events in order to get something valuable out of the data. It seems like
>Windows is willing to give you lots of information, but trying to parse it in a
>sane fashion is non-trivial.
>
>Good site for gathering enough logging information to make your head spin,
>http://www.loganalysis.org.
>
>Josh
>
>_______________________________________________
>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>tclug-list at mn-linux.org
>http://mailman.mn-linux.org/mailman/listinfo/tclug-list