[logs] Looking at windows logs
James B Horwath
Jim_Horwath at glic.com
Thu May 29 05:42:36 PDT 2008
I hope somebody can help me. I have a Windows EVT file from a system
that I want to view on another computer (which is a Windows XP laptop). I
booted the laptop with Linux (BackTrack) and tried to remove the old
security.evt file and replace it with mine. Even with the Windows drive
mounted with "rw" I could manipulate any of the files or permissions. I
kept receiving a message "read-only" media.
I thought maybe I could use the eventquery.vbs file from the command line
using the /L switch to dump the logs; this did not work. It appears only
the Windows categories are readable. I have a licensed copy of Adiscon
eventviewer and a copy of lasso.
Can anyone offer any suggestions on how to extract this data?
Thanks in advance.
Jim
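
Added example, not part of the original post: a saved .evt file can be read offline, without swapping it into a Windows installation, by carving records on the "LfLe" signature and decoding the fixed 56-byte part of the documented EVENTLOGRECORD structure. The host name, user name and event values in build_sample() are constructed for the demonstration.

```python
import struct
from datetime import datetime, timezone

SIG = b"LfLe"                        # signature in the file header and in every record
FIXED = struct.Struct("<I4s4I4H6I")  # 56-byte fixed part of EVENTLOGRECORD

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, next position)."""
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(data):
    """Yield a dict per record in raw .evt bytes (records that wrap are skipped)."""
    pos = data.find(SIG)
    while pos != -1:
        start, pos = pos - 4, data.find(SIG, pos + 4)
        if start < 0 or start + FIXED.size > len(data):
            continue
        (length, _, recno, t_gen, _, event_id, etype, nstr, _, _, _,
         str_off, _, _, _, _) = FIXED.unpack_from(data, start)
        rec = data[start:start + length]
        # The header is only 0x30 bytes; a real record is longer and ends with Length again.
        if length < FIXED.size + 4 or len(rec) < length or rec[-4:] != rec[:4]:
            continue
        source, nxt = _wstr(rec, FIXED.size)
        computer, _ = _wstr(rec, nxt)
        strings, p = [], str_off
        for _ in range(nstr):
            text, p = _wstr(rec, p)
            strings.append(text)
        yield {"record": recno, "event_id": event_id & 0xFFFF, "type": etype,
               "time": datetime.fromtimestamp(t_gen, timezone.utc).isoformat(),
               "source": source, "computer": computer, "strings": strings}

def build_sample():
    """Constructed input: a 0x30-byte file header followed by one record."""
    names = "Security\0WKSTN01\0".encode("utf-16-le")
    strs = "jdoe\0WKSTN01\0".encode("utf-16-le")
    length = FIXED.size + len(names) + len(strs) + 4   # 120, already DWORD-aligned
    fixed = FIXED.pack(length, SIG, 1, 1212064956, 1212064956, 528, 8, 2, 2, 0,
                       0, FIXED.size + len(names), 0, 0, 0, length - 4)
    header = struct.pack("<I4s10I", 0x30, SIG, 1, 1, 0x30, 0x30 + length,
                         2, 1, 0x10000, 0, 0, 0x30)
    return header + fixed + names + strs + struct.pack("<I", length)

if __name__ == "__main__":
    print(list(parse_evt(build_sample())))
```

For a real file, pass open(path, "rb").read() to parse_evt(). The "strings" field holds only the insertion strings; the full message text comes from the event source's message DLL on the originating system.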