Sorry if I'm lost here... but isn't the use of this perl script the same
thing as Event Viewer > Connect to another computer... option but in a
script fashion? Maybe useful for offline reviewing.
I think there is a difference in asking for a centralized place where to
watch the logs and the option of having a centralized management
solution that can handle some sort of analysis in a distributed fashion
of the server farm.
IF the problem here is "walking around" well... then open your MMC
console and read/save the remote logs from your desktop/laptop computer.
Else I would recommend a solution that can handle the fact that a server
might go down because of another server in the farm having trouble. I
know MOM (Microsoft Operations Manager) (This used to be NetIQ's
management solution) can handle this... but it's kind of expensive
though.
Gabriel
-----Original Message-----
From: Arendt, Jordan LRN [mailto:Jordan.Arendt (at) sasked.gov.sk (dot) ca [email concealed]]
Sent: Tuesday, January 28, 2003 2:51 PM
To: 'Zimin, Alex'; defaillance (at) hushmail (dot) com [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Win2k log management
Nice perl script that we use for NT, and I believe works with win2k.
http://perlmonks.thepen.com/15057.html
I've modified it and added some comments/documentation.
########################################################################
#
# Original Script came from: http://perlmonks.thepen.com/15057.html
# Modified by: Jordan Arendt on May 23, 2002
# Script Name: eventdump.pl
# Comments:
# There are several things that need to be done for setup
# 1. Create a directory called c:\event_logs on every server
#    that you are going to want to dump the eventlogs from.
# 2. Share that directory with a share name of event_logs
# 3. Change ZEPHYR to whatever server you want to store your logs on.
# 4. On the server Zephyr (or whatever you've changed it to)
#    create a directory event_logs and share it as event_logs
# 5. Create the directories event_logs\Application,
#    event_logs\Security, and event_logs\System on Zephyr
# 6. Add the servers you want to get the logs from to the
#    @servers line. ex. @servers = ("S1","S2","S3");
# 7. Create a directory c:\event_logs on each server you are
#    dumping logs from and share it as event_logs
# 8. Active State Perl needs to be installed on the machine you
#    want to run this from. You can schedule it with the
#    scheduler with the command: perl eventdump.pl
#
########################################################################
#
use Win32::EventLog;
use File::Copy;
use Time::localtime;
# Errors from each run are appended to this file on the central server.
open(OUTFH,"+>>\\\\ZEPHYR\\event_logs\\buerrs.log")
    or die "Can't open \\\\ZEPHYR\\event_logs\\buerrs.log:$!\n";
@servers = ("S1","S2","S3","S4");
@logs = ("System","Application","Security");
#($sec,$min,$hour,$mday,$mon,$year) = localtime();
$year = localtime->year() + 1900;
$month = localtime->mon()+1;
$day = localtime->mday();
$hour = localtime->hour();
$min = localtime->min();
$sec = localtime->sec();
$date = join("_",$year,$month,$day,$hour,$min,$sec);
for ( $i = 0; $i <= $#servers ; $i++ )
{
    foreach $eventlog (@logs)
    {
        $filename = $eventlog . "_" . $servers[$i] . "_" . $date;
        $handle = Win32::EventLog->new("$eventlog","\\\\$servers[$i]")
            or die "Can't open $eventlog Eventlog on $servers[$i]:$!\n";
        # Clear() backs the log up to this path on the remote server and then
        # clears it. The directory event_logs was created on each server.
        $handle->Clear("c:\\event_logs\\$filename.evt") or
            print OUTFH "Could not clear and backup the $eventlog Eventlog on $servers[$i]\n";
        $handle->Close;
        # Pull the backup over the event_logs share into the per-log folder on ZEPHYR.
        move("\\\\$servers[$i]\\event_logs\\$filename.evt",
             "\\\\ZEPHYR\\event_logs\\$eventlog\\$filename.evt")
            or warn "Could not move $filename to ZEPHYR:$!\n";
    }
}
close OUTFH;
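Two things about the script above are worth keeping in mind on the collecting side: Clear() empties the remote log as soon as the backup file is written, and a failed move() only produces a warning, so the only trace of a log that never reached ZEPHYR is a line in buerrs.log; the .evt files also sit on ordinary writable shares once they arrive. The Python below is an added example, not part of this thread or of Jordan's script. It audits the central event_logs tree using the folder layout and the <Log>_<server>_<year>_<month>_<day>_<hour>_<min>_<sec>.evt naming the script produces (both taken from the script; the sample files it builds are constructed placeholders, not real event logs). It reports (server, log) pairs with no backup for a given day, flags files that do not fit the scheme, and writes a SHA-256 manifest that a later run can check to notice files altered after archiving.

```python
"""Audit the archive eventdump.pl fills: archive/<Log>/<Log>_<server>_<date>.evt
(added example; the layout and the unpadded y_m_d_h_m_s date follow the script)."""
import hashlib
import os
import re
import tempfile
from collections import namedtuple

LOGS = ("System", "Application", "Security")
FILENAME_RE = re.compile(
    r"^(?P<log>System|Application|Security)_(?P<server>.+?)_"
    r"(?P<year>\d{4})_(?P<month>\d{1,2})_(?P<day>\d{1,2})_"
    r"\d{1,2}_\d{1,2}_\d{1,2}\.evt$")
Backup = namedtuple("Backup", "log server day path sha256")

def parse_backup_name(name):
    """Return (log, server, (year, month, day)) for a valid name, else None."""
    m = FILENAME_RE.match(name)
    if not m:
        return None
    day = (int(m.group("year")), int(m.group("month")), int(m.group("day")))
    return m.group("log"), m.group("server"), day

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def scan_archive(archive_dir):
    """Walk archive_dir/<Log>/ and return (backups, stray_paths); a file that
    breaks the naming scheme or sits in the wrong per-log folder is stray."""
    backups, stray = [], []
    for log in LOGS:
        folder = os.path.join(archive_dir, log)
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            path = os.path.join(folder, name)
            parsed = parse_backup_name(name)
            if parsed is None or parsed[0] != log:
                stray.append(path)
                continue
            backups.append(Backup(log, parsed[1], parsed[2], path, sha256_file(path)))
    return backups, stray

def missing_for_day(backups, expected_servers, day):
    """(server, log) pairs with no backup dated `day`: a Clear() or move() that
    failed on that server, which the script only records in buerrs.log."""
    seen = {(b.server, b.log) for b in backups if b.day == day}
    return sorted((s, l) for s in expected_servers for l in LOGS if (s, l) not in seen)

def write_manifest(backups, manifest_path):
    """Record a SHA-256 per archived file so later edits on the share show up."""
    with open(manifest_path, "w") as fh:
        for b in backups:
            fh.write("%s %s\n" % (b.sha256, b.path))

def verify_manifest(manifest_path):
    """Paths whose current hash differs from the manifest, or that are gone."""
    changed = []
    with open(manifest_path) as fh:
        for line in fh:
            digest, path = line.rstrip("\n").split(" ", 1)
            if not os.path.isfile(path) or sha256_file(path) != digest:
                changed.append(path)
    return changed

def build_sample_archive(root):
    """Constructed sample; the bytes are placeholders, not real .evt content."""
    files = {
        "System/System_S1_2003_1_28_14_51_7.evt": b"sample S1 system",
        "Application/Application_S1_2003_1_28_14_51_7.evt": b"sample S1 app",
        "Security/Security_S1_2003_1_28_14_51_7.evt": b"sample S1 security",
        "System/System_S2_2003_1_28_14_51_9.evt": b"sample S2 system",
        "Application/System_S3_2003_1_28_14_52_0.evt": b"wrong folder",  # stray
        "System/readme.txt": b"not a backup",                             # stray
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Audit the constructed sample and return the findings as a dict."""
    root = tempfile.mkdtemp()
    build_sample_archive(root)
    backups, stray = scan_archive(root)
    missing = missing_for_day(backups, ("S1", "S2"), (2003, 1, 28))
    manifest = os.path.join(root, "manifest.txt")
    write_manifest(backups, manifest)
    with open(backups[0].path, "ab") as fh:   # simulate an edit after archiving
        fh.write(b" tampered")
    return {"backups": len(backups),
            "stray": sorted(os.path.basename(p) for p in stray),
            "missing": missing,
            "changed": [os.path.basename(p) for p in verify_manifest(manifest)]}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In practice scan_archive() and missing_for_day() would be pointed at the event_logs share on ZEPHYR after each scheduled run, with expected_servers set to the same list as @servers, and verify_manifest() run against a manifest kept somewhere the share's users cannot write; demo() just exercises all of it on the constructed sample in a temporary directory.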
-----Original Message-----
From: Zimin, Alex [mailto:alex (at) towerrecords (dot) com [email concealed]]
Sent: January 24, 2003 4:11 PM
To: defaillance (at) hushmail (dot) com [email concealed]; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: Win2k log management
Try event log management tools from "Dorian Software".
http://www.doriansoft.com/
Alex.
> -----Original Message-----
> From: defaillance (at) hushmail (dot) com [email concealed] [mailto:defaillance (at) hushmail (dot) com [email concealed]]
> Sent: Friday, January 24, 2003 10:04 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Win2k log management
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I am currently administering over 10 servers (Advanced) and 20
> workstations (Pro). The management of the
> event/security/application logs has become unbearable, so I'm
> looking for a centralized management solution where the
> information would be gathered from the servers/workstations to a
> specific server, so the question is: anyone aware of such
> software that could do the job? Commercial or freeware, I
> basically just want to avoid having to walk over to check
> them manually.
>
> also if anyone who has faced this situation is willing to
> share their knowledge on the subject...
>
> Thanks
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.2 (Java)
> Note: This signature can be verified at
> https://www.hushtools.com/verify
>
>
> wl8EARECACAFAj4xf/sZHGRlZmFpbGxhbmNlQGh1c2htYWlsLmNvbQAKCRAAqpYJlh8f
> xQ7GAJ9+/LTX1k/uD/cY6mzx8iPKehJGhgCY8S0SZc03cmWwXsZwQBpQ8K7Rog==
> =4gCk
> -----END PGP SIGNATURE-----