Also old utility from MS http://support.microsoft.com/kb/308471
In addition WMI or powershell if loaded T On Mon, Nov 1, 2010 at 10:12 AM, Vincent Lape <[email protected]> wrote: > You should be able to save the log files from the log viewer. If you want to > try to convert them to stalky format you can try using snare or lasso. If you > are looking to do some deep searching on the log data I would recommend > downloading splunk. You can have it pull the data off in several ways WMI, > nfs, or agent based. They give a 500mb/ day index license away for free. > > > > > On Oct 31, 2010, at 8:45 PM, Dimitrios Kapsalis <[email protected]> wrote: > >> It is. I was wondering if any tools exists to pull it from there. >> >> Sent from my iPad >> >> On Oct 31, 2010, at 7:37 PM, Vincent Lape <[email protected]> wrote: >> >>> Should be in the security event log if you have failures turned on. >>> >>> >>> >>> On Oct 31, 2010, at 2:11 PM, Dimitrios Kapsalis <[email protected]> wrote: >>> >>>> Hey all, >>>> >>>> One of my xp home boxes is being bruteforce scanned on ssh port. Anyway to >>>> interface with event viewer to harvest source IP addresses and usernames >>>> attackers are using? >>>> >>>> >>>> >>>> Sent from my iPhone >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
