Thanks everyone, will try these out!

Sent from my iPhone

On Nov 1, 2010, at 10:22 AM, Larry McDonald <[email protected]> wrote:

> I would say use Logparser on the command line and run a nice select statement
> against the evt file, or if you don't like the command line, use Event Log
> Explorer and filter on it, and you can export it to, say, a CSV or Excel or
> something and do what you want with it.
>
> On Mon, Nov 1, 2010 at 10:12 AM, Vincent Lape <[email protected]> wrote:
> You should be able to save the log files from the log viewer. If you want to
> try to convert them to syslog format you can try using Snare or LASSO. If you
> are looking to do some deep searching on the log data I would recommend
> downloading Splunk. You can have it pull the data off in several ways: WMI,
> NFS, or agent based. They give a 500 MB/day index license away for free.
>
> On Oct 31, 2010, at 8:45 PM, Dimitrios Kapsalis <[email protected]> wrote:
>
> > It is. I was wondering if any tools exist to pull it from there.
> >
> > Sent from my iPad
> >
> > On Oct 31, 2010, at 7:37 PM, Vincent Lape <[email protected]> wrote:
> >
> >> Should be in the security event log if you have failures turned on.
> >>
> >> On Oct 31, 2010, at 2:11 PM, Dimitrios Kapsalis <[email protected]>
> >> wrote:
> >>
> >>> Hey all,
> >>>
> >>> One of my XP Home boxes is being brute-force scanned on the ssh port. Any way
> >>> to interface with event viewer to harvest source IP addresses and
> >>> usernames attackers are using?
> >>>
> >>> Sent from my iPhone
> >>> _______________________________________________
> >>> Pauldotcom mailing list
> >>> [email protected]
> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >>> Main Web Site: http://pauldotcom.com
>
> --
> Larry McDonald
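Added example, not part of any poster's message: once the event log has been exported to CSV as suggested in the thread, a short script can tally source addresses and usernames from failed SSH logins. The `Message` column name and the OpenSSH-style message text are assumptions about the export and the SSH server in use, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re
from collections import Counter

# Assumed message shape (OpenSSH-style); adjust for the SSH server in use.
# The greedy user group binds to the LAST " from <ip> port <n>", so a username
# that itself contains " from 10.0.0.1 port 22" cannot spoof the source address.
FAILED = re.compile(
    r"Failed \S+ for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+(?: ssh\d?)?\s*$"
)

def tally_failures(csv_text, message_column="Message"):
    """Return (ip_counts, user_counts) for failed SSH logins in a CSV export."""
    ips, users = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        m = FAILED.search(row.get(message_column) or "")
        if not m:
            continue  # successful logins and unrelated events are ignored
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not a valid address; skip rather than guess
        ips[ip] += 1
        users[m.group("user")] += 1
    return ips, users

# Constructed sample export (documentation address ranges, made-up events).
SAMPLE = """Date,Source,EventID,Message
2010-10-31 14:02:11,sshd,0,Failed password for invalid user admin from 203.0.113.7 port 51515 ssh2
2010-10-31 14:02:13,sshd,0,Failed password for root from 203.0.113.7 port 51520 ssh2
2010-10-31 14:02:15,sshd,0,Failed password for invalid user test from 198.51.100.23 port 40022 ssh2
2010-10-31 14:03:01,sshd,0,Accepted password for alice from 192.0.2.10 port 50001 ssh2
2010-10-31 14:03:09,sshd,0,Failed password for invalid user x from 10.0.0.1 port 22 from 203.0.113.7 port 51533 ssh2
"""

if __name__ == "__main__":
    ip_counts, user_counts = tally_failures(SAMPLE)
    for ip, n in ip_counts.most_common():
        print(f"{n:5d}  {ip}")
    for user, n in user_counts.most_common():
        print(f"{n:5d}  {user!r}")
```

The per-address counts can feed a firewall block list, and the username list shows which account names the scan is guessing.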
