I would say use Logparser on the command line and run a nice select statement against the evt file, or if you don't like the command line, use Event Log Explorer and filter on it; you can export it to, say, a CSV or Excel or something and do what you want with it.
On Mon, Nov 1, 2010 at 10:12 AM, Vincent Lape <[email protected]> wrote:

> You should be able to save the log files from the log viewer. If you want to try to convert them to stalky format you can try using Snare or Lasso. If you are looking to do some deep searching on the log data I would recommend downloading Splunk. You can have it pull the data off in several ways: WMI, NFS, or agent based. They give a 500 MB/day index license away for free.
>
> On Oct 31, 2010, at 8:45 PM, Dimitrios Kapsalis <[email protected]> wrote:
>
> > It is. I was wondering if any tools exist to pull it from there.
> >
> > Sent from my iPad
> >
> > On Oct 31, 2010, at 7:37 PM, Vincent Lape <[email protected]> wrote:
> >
> >> Should be in the security event log if you have failures turned on.
> >>
> >> On Oct 31, 2010, at 2:11 PM, Dimitrios Kapsalis <[email protected]> wrote:
> >>
> >>> Hey all,
> >>>
> >>> One of my XP Home boxes is being bruteforce scanned on ssh port. Any way to interface with event viewer to harvest source IP addresses and usernames attackers are using?
> >>>
> >>> Sent from my iPhone
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> [email protected]
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com

--
Larry McDonald
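Added example, not part of any message in this thread: once the Security log has been exported to CSV as suggested above, a short script can tally failed logons per source address and list the usernames tried. It assumes the export has `EventID` and `Strings` columns with `Strings` pipe-separated (as in Logparser's EVT field naming), that event ID 529 marks a failed logon, and that the username is the first token; the sample rows are constructed, so check the token layout against your own export.

```python
import csv
import io
import ipaddress
from collections import Counter, defaultdict

# Constructed sample of a CSV export (not real log data).
SAMPLE_CSV = """TimeGenerated,EventID,Strings
2010-10-31 14:02:11,529,root|XPBOX|10|sshd|Negotiate|XPBOX|203.0.113.7|4312
2010-10-31 14:02:13,529,admin|XPBOX|10|sshd|Negotiate|XPBOX|203.0.113.7|4313
2010-10-31 14:05:40,529,root|XPBOX|10|sshd|Negotiate|XPBOX|198.51.100.23|51022
2010-10-31 14:06:02,528,dimitri|XPBOX|2|User32|Negotiate|XPBOX|-|-
2010-10-31 14:07:19,529,192.0.2.99|XPBOX|10|sshd|Negotiate|XPBOX|-|-
"""

FAILED_LOGON_IDS = {"529"}  # assumption: logon failure, bad user name or password
USER_TOKEN = 0              # assumption: user name is the first Strings token


def first_ip(tokens):
    """Return the first token that parses as an IP address, else None."""
    for tok in tokens:
        try:
            return str(ipaddress.ip_address(tok.strip()))
        except ValueError:
            continue
    return None


def harvest(csv_text, event_ids=FAILED_LOGON_IDS, user_token=USER_TOKEN):
    """Count failed logons per source address and collect usernames tried."""
    attempts = Counter()
    users = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] not in event_ids:
            continue
        tokens = row["Strings"].split("|")
        user = tokens[user_token] if len(tokens) > user_token else "?"
        # The user name is attacker-controlled: exclude it from the address
        # search so a name shaped like an IP cannot pose as the source.
        others = tokens[:user_token] + tokens[user_token + 1:]
        src = first_ip(others) or "unknown"
        attempts[src] += 1
        users[src].add(user)
    return attempts, users


if __name__ == "__main__":
    attempts, users = harvest(SAMPLE_CSV)
    for src, count in attempts.most_common():
        print(f"{src:15} {count:3}  {', '.join(sorted(users[src]))}")
```

Rows with no parseable address are grouped under `unknown` rather than dropped, so events that carry no source address remain visible in the tally.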
