Security Basics mailing list archives

RE: Tool to quickly export all logs on a Windows box

From: Dave Kleiman <dave () davekleiman com>
Date: Thu, 18 Feb 2010 10:33:38 -0600

Download Log Parser from the MS website.


-----------save as security.sql--------------

SELECT
        TimeGenerated AS TimeGenerated,
        EventID AS EventID,
        EventTypeName AS EventTypeName,
        EventCategoryName AS EventCategoryName,
        SourceName AS SourceName,
        ComputerName AS ComputerName,
        SID AS SID,
      Message as Message
INTO %NAME%_Security.csv
FROM %NAME%\Security
GROUP BY TimeGenerated,EventID,EventTypeName,EventCategoryName,SourceName,ComputerName,SID,Message
ORDER BY TimeGenerated ASC

-----------save as security.sql--------------


At the prompt:

Logparser file:security.sql?name=ENTER COMPUTER NAME OR IP


Just change the two below lines where they say Security to Application and then System, save as application.sql and 
system.sql

INTO %NAME%_Security.csv
FROM %NAME%\Security


Logparser file:application.sql?name=ENTER COMPUTER NAME OR IP

Logparser file:system.sql?name=ENTER COMPUTER NAME OR IP


Could probably write a batch to enter the NAMES automatically.




Respectfully,

Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com 

4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801 





-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Stephen Mullins
Sent: Tuesday, February 16, 2010 12:55
To: security-basics () securityfocus com
Subject: Tool to quickly export all logs on a Windows box

List,

I am looking for a good, preferably free, tool that is able to export
all logs on a Windows box to .txt files quickly.

Or, does anyone know of a way to remotely pull all system logs off a
Windows box using active directory or SMS?

Ultimately I'd like to be able to export all system logs to .txt
format using a list of select computer names.

Thanks list,

Steve Mullins

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Tool to quickly export all logs on a Windows box Stephen Mullins (Feb 18)
- Re: Tool to quickly export all logs on a Windows box Wim Remes (Feb 19)
- Re: Tool to quickly export all logs on a Windows box Christopher (Feb 19)
- RE: Tool to quickly export all logs on a Windows box Dave Kleiman (Feb 19)
- RE: Tool to quickly export all logs on a Windows box Pranav Lal (Feb 19)
- Re: Tool to quickly export all logs on a Windows box Ansgar Wiechers (Feb 19)
- Re: Tool to quickly export all logs on a Windows box Nikhil Wagholikar (Feb 19)
- <Possible follow-ups>
- RE: Tool to quickly export all logs on a Windows box pinowudi () gmail com (Feb 19)