Analysis Of Windows Security Logs With Ms Log Parser
Posted 12 November 2009 - 01:59 PM
Reading through a Windows security log, or any other log, can be very difficult and time-consuming, so a lot of companies have created their own tools to analyze Windows event logs. But before you start going commercial, there is a tool that will get you going without any cost. Against all odds, it's a tool made by Microsoft!
The tool in question is Microsoft Log Parser. Log Parser is a command-line tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory. So, you can use it to analyze most structured text-based files, the Event Log and AD on a single computer.
Posted 13 November 2009 - 10:46 AM
Get-EventLog is your best friend. When it was still PS v1 it was very slow, especially when you're trying to query multiple servers from a different site.
With v2 we get things like WinRM, which should speed things up a bit. I haven't had the time to test remoting in v2 but I hope to get my teeth in soon.
http://www.computerperformance.co.uk/powershell/powershell_eventlog.htm > decent enough intro; for the rest just Google.
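As an added example (not code from either poster), the kind of Get-EventLog query the thread is talking about: pull failed logons (event 4625) from the Security log of one or more servers and flag account/source pairs with repeated failures. It assumes a Vista/2008-or-later event template, an elevated PowerShell v2 session, and illustrative threshold values.

```powershell
# Added example: summarise failed logons (event 4625) from the Security log.
# Assumptions: Vista/2008 or later event template (pre-Vista systems log
# failed logons as 529 with a different string layout), run from an elevated
# PowerShell v2 session; $Hours and $Threshold are illustrative values.
function Get-FailedLogonSummary {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [int]$Hours = 24,
        [int]$Threshold = 5
    )
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($computer in $ComputerName) {
        # -InstanceId 4625: "An account failed to log on"
        $events = Get-EventLog -ComputerName $computer -LogName Security `
            -InstanceId 4625 -After $since -ErrorAction SilentlyContinue
        if (-not $events) { continue }
        # Pull the interesting fields out of ReplacementStrings; the index
        # positions follow the 4625 template (5 = target user, 6 = target
        # domain, 9 = substatus, 10 = logon type, 13 = workstation, 19 = source IP).
        $rows = foreach ($e in $events) {
            $s = $e.ReplacementStrings
            New-Object PSObject -Property @{
                Account     = "$($s[6])\$($s[5])"
                LogonType   = $s[10]
                Workstation = $s[13]
                SourceIp    = $s[19]
                SubStatus   = $s[9]      # e.g. 0xC000006A = bad password
                Time        = $e.TimeGenerated
            }
        }
        # Many failures for one account/source pair within the window is the
        # pattern worth a closer look; report first/last seen and the substatus codes.
        $rows | Group-Object Account, SourceIp |
            Where-Object { $_.Count -ge $Threshold } |
            ForEach-Object {
                $ordered = $_.Group | Sort-Object Time
                New-Object PSObject -Property @{
                    Computer  = $computer
                    Account   = $ordered[0].Account
                    SourceIp  = $ordered[0].SourceIp
                    Failures  = $_.Count
                    FirstSeen = $ordered[0].Time
                    LastSeen  = $ordered[-1].Time
                    SubStatus = ($ordered | ForEach-Object { $_.SubStatus } | Sort-Object -Unique) -join ','
                }
            }
    }
}

# Usage: local machine, last 24 hours, 5 or more failures per account/source pair.
Get-FailedLogonSummary | Sort-Object Failures -Descending |
    Format-Table Computer, Account, SourceIp, Failures, FirstSeen, LastSeen, SubStatus -AutoSize
```

Pass `-ComputerName srv1,srv2` to cover several servers in one run; reading the Security log remotely needs the Remote Registry service and Event Log Readers (or admin) rights on the target.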