[logs] Windows Log Analysis
chris misztur
chrismisztur at yahoo.com
Thu Oct 8 06:40:40 PDT 2009
I've put this project off to the side since mid-2008 but I'm back at it (http://sync-io.net/go/blog/2008/06/18/EventCollectorSubscribingHTTPXP2003ClientsPost1.aspx). I've been thinking up ways to utilize Windows Event Collector (http://msdn.microsoft.com/en-us/library/bb427443(VS.85).aspx) to collect from all PCs in the domain. The collector allows me to create subscriptions using XPath queries and have the logs forwarded from clients to the collector. I have been playing with the idea of polling all PCs in the domain, getting their available logs, sources and events (resource files in XP and above, and instrumentationManifests in Vista and above). From this data I should have visibility of *most* possible events in my domain. Great... so now I have a list of thousands of possible events that I could collect.

Now what? How do I create a semi-autonomous system that will know to take action? (e.g. kerberos/5 and W32Time/29 should check the state of time servers)

I am tired of playing the game of collect everything and ask questions later. With a db of *most* Windows events, I should be able to make more intelligent decisions.
chris
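As an added example (not from the original post or from Microsoft's documentation), here is what a source-initiated WEC subscription for just the two events mentioned above looks like, so the collector receives only events an operator already knows how to act on rather than everything. The subscription ID, description and the provider name 'Kerberos' (the XP/2003 System-log source name) are assumptions; the SDDL string is the usual "Domain Computers" grant and should be adjusted to the forwarding group actually in use.

```powershell
# Assumed: run on the collector (2008 or Vista+) as an administrator, with
# the Windows Event Collector service started ("wecutil qc").
$subscriptionXml = @'
<Subscription xmlns="http://schemas.microsoft.com/2004/02/events/subscription">
  <SubscriptionId>TimeSkewIndicators</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>W32Time/29 and Kerberos/5: check time servers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="System">
        <!-- Only the two events the operator has a playbook for -->
        <Select Path="System">*[System[Provider[@Name='W32Time'] and (EventID=29)]]</Select>
        <Select Path="System">*[System[Provider[@Name='Kerberos'] and (EventID=5)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- SDDL granting the Domain Computers group; assumed, adjust to your forwarder group -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
'@

$path = Join-Path $env:TEMP 'TimeSkewIndicators.xml'
Set-Content -Path $path -Value $subscriptionXml -Encoding UTF8

# Register the subscription with the collector.
wecutil cs $path

# Verify it landed and see the forwarded events as they arrive. The same XPath
# used in the subscription works locally against the ForwardedEvents log.
wecutil gs TimeSkewIndicators
Get-WinEvent -LogName ForwardedEvents -FilterXPath `
  "*[System[(Provider[@Name='W32Time'] and EventID=29) or (Provider[@Name='Kerberos'] and EventID=5)]]" `
  -MaxEvents 20 | Select-Object TimeCreated, MachineName, ProviderName, Id, Message
```

Clients still need the forwarder address pushed to them (the Event Forwarding group policy setting the post refers to), otherwise nothing is sent regardless of the subscription.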