FAQ or HOWTO on windows event logs
David Bear
david.bear at asu.edu
Fri Dec 5 12:27:17 EST 2003
I would like to develop some tools to better understand/analyze
windows event logs. What I've done is export the event log as a
delimited file, then try to use awk or python to parse the info.
There must be an easier way... The format of the event changes with
the event, so it seems impossible to write a generalized parser.
I guess i'm look for tricks -- recommendations on what others have
found to be effective ways to deal with windows events log data. My
goal would be to get the data in a format where I can run correlations
on events. For example, I would like to see when a system event (a
dcom buffer overflow) occurs and then see if an event in the
application log like a crashed ocx occurred at the same
time.. Obviously this is for intrusion analysis...
Any advice?
More information about the Python-list
mailing list