You should be able to save the log files from the log viewer. If you want to try to convert them to syslog format, you can try using Snare or LASSO. If you are looking to do some deep searching on the log data, I would recommend downloading Splunk. You can have it pull the data off in several ways: WMI, NFS, or agent-based. They give a 500 MB/day index license away for free.

On Oct 31, 2010, at 8:45 PM, Dimitrios Kapsalis <[email protected]> wrote:

> It is. I was wondering if any tools exist to pull it from there.
>
> Sent from my iPad
>
> On Oct 31, 2010, at 7:37 PM, Vincent Lape <[email protected]> wrote:
>
>> Should be in the security event log if you have failures turned on.
>>
>> On Oct 31, 2010, at 2:11 PM, Dimitrios Kapsalis <[email protected]> wrote:
>>
>>> Hey all,
>>>
>>> One of my XP Home boxes is being brute-force scanned on the SSH port. Any way to
>>> interface with Event Viewer to harvest source IP addresses and usernames
>>> attackers are using?
>>>
>>> Sent from my iPhone
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
