[logs] Looking at windows logs
Rainer Gerhards
rgerhards at hq.adiscon.com
Thu May 29 13:40:01 PDT 2008
Hi James,
Depending on which version of EventReporter you have, you can make it
read the .evt file natively. I think it was a relatively recent addition
(within the last two years or so) and so your version may not have it. If
you let me know your version, I can check and create some
instructions.
Rainer
> -----Original Message-----
> From: loganalysis-bounces at loganalysis.org
> [mailto:loganalysis-bounces at loganalysis.org] On Behalf Of
> James B Horwath
> Sent: Thursday, May 29, 2008 2:43 PM
> To: loganalysis at loganalysis.org; loganalysis-bounces at loganalysis.org
> Subject: [logs] Looking at windows logs
>
> I hope somebody can help me. I have a windows EVT file from
> a system that I want to view on another computer (which is a
> windows XP laptop). I booted the laptop with Linux
> (backtrack) and tried to remove the old security.evt file and
> replace it with mine. Even with the windows drive mounted
> with "rw" I could manipulate any of the files or permissions.
> I kept receiving a message "read-only" media.
>
> I thought maybe I could use the eventquery.vbs file from the
> command line using the /L switch to dump the logs, this did
> not work. It appears only the windows categories are
> readable. I have a licensed copy of Adiscon eventviewer and
> a copy of lasso.
>
> Can anyone offer any suggestions on how to extract this data?
>
> Thanks in advance.
> Jim