[logs] Looking at windows logs
Grimes, Jason
jg48 at txstate.edu
Thu May 29 11:30:08 PDT 2008
Eventquery.vbs should do the trick
http://technet2.microsoft.com/windowsserver/en/library/68672494-7700-4cbf-8392-4b6ef87b87491033.mspx?mfr=true
Jason Grimes
User Services Consultant
Technology Resources
Texas State University
601 University Dr. San Marcos, TX 78666
512.245.2636
jg48 at txstate.edu
From: loganalysis-bounces at loganalysis.org On Behalf Of James B Horwath
Sent: Thursday, May 29, 2008 7:43 AM
To: loganalysis at loganalysis.org; loganalysis-bounces at loganalysis.org
Subject: [logs] Looking at windows logs
I hope somebody can help me. I have a Windows EVT file from a system that I want to view on another computer (which is a Windows XP laptop). I booted the laptop with Linux (BackTrack) and tried to remove the old security.evt file and replace it with mine. Even with the Windows drive mounted with "rw" I could manipulate any of the files or permissions. I kept receiving a message "read-only" media.
I thought maybe I could use the eventquery.vbs file from the command line using the /L switch to dump the logs; this did not work. It appears only the Windows categories are readable. I have a licensed copy of Adiscon eventviewer and a copy of lasso.
Can anyone offer any suggestions on how to extract this data?
Thanks in advance.
Jim
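For the offline case asked about above, an added example (not part of the original thread, and not code from any tool named in it): a Python reader for the legacy .evt record layout (`LfLe` signature, 56-byte fixed `EVENTLOGRECORD` part) that works on the raw file from Linux, without the Windows event log API. The function names and the sample log are constructed for illustration; it assumes records are contiguous (a record wrapped around the end of a circular log is skipped) and it returns the raw insertion strings rather than rendered message text.

```python
import struct
from datetime import datetime, timezone

SIG = b"LfLe"                                # marks the file header and every record
FIXED = struct.Struct("<6I4H6I")             # 56-byte fixed part of EVENTLOGRECORD

def _wstr(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, offset past the NUL)."""
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[off:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(data):
    """Yield a dict per record carved from the raw bytes of a legacy .evt file."""
    pos = data.find(SIG)
    while pos != -1:
        start, nxt = pos - 4, pos + 4        # the length DWORD precedes the signature
        if start >= 0 and start + FIXED.size <= len(data):
            f = FIXED.unpack_from(data, start)
            length, end = f[0], start + f[0]
            # A record repeats its length in its last 4 bytes. The file header
            # (length 0x30) and stray "LfLe" bytes fail this test and are skipped.
            if (length >= FIXED.size + 4 and end <= len(data)
                    and struct.unpack_from("<I", data, end - 4)[0] == length):
                rec = data[start:end]
                source, off = _wstr(rec, FIXED.size)
                computer, _ = _wstr(rec, off)
                strings, off = [], f[11]     # StringOffset, relative to record start
                while len(strings) < f[7] and off < length - 4:   # f[7] = NumStrings
                    text, off = _wstr(rec, off)
                    strings.append(text)
                yield {"record": f[2], "event_id": f[5] & 0xFFFF, "type": f[6],
                       "time": datetime.fromtimestamp(f[3], timezone.utc).isoformat(),
                       "source": source, "computer": computer, "strings": strings}
                nxt = end
        pos = data.find(SIG, nxt)

def sample_evt():
    """Constructed one-record log (not real data): file header plus one event."""
    body = "Security\0LAB-PC\0jdoe\0LAB1\0".encode("utf-16-le")
    str_off = FIXED.size + 32                # strings follow source + computer (32 bytes)
    length = FIXED.size + len(body) + 4
    fixed = FIXED.pack(length, 0x654C664C, 1, 1212085808, 1212085808, 528, 8, 2, 2,
                       0, 0, str_off, 0, str_off, 0, length - 4)
    hdr = struct.pack("<I4s10I", 48, SIG, 1, 1, 48, 48 + length, 2, 1, 65536, 0, 0, 48)
    return hdr + fixed + body + struct.pack("<I", length)

if __name__ == "__main__":
    print(*parse_evt(sample_evt()), sep="\n")
```

To use it on a real file, pass `open(path, "rb").read()` to `parse_evt` while working on a copy of the log.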