Doug,
When I have to search/dump events from eventlogs, especially from multiple servers, I use Microsoft's eventcombmt..
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en (it's part of MS's account lockout toolkit)
Tony
| "Andrew Wood" <andrew.wood@gilwood-cs.co.uk> Sent by: thin-bounce@freelists.org 07/17/2008 07:10 PM
|
|
Rippletech’s Logcaster would’ve sorted that.
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Stratton, Doug ISMC:EX
Sent: 17 July 2008 23:00
To: thin@freelists.org
Subject: [THIN] Sifting thru the data
We are in the process of trying to look thru our W2K3 Security logs to identify how many times clients are connecting/dropping/reconnecting again.
It seems like mountains of data and I was just wondering if there is a simple solution to gathering this data.
The sort of thing I would like something like:
UserA
Date - logon
Date - logoff (or other such thing, drop/disconnect…)
UserB
….
We are going thru this exercise because we have clients who are reporting drops and we want to get a better picture of how bad this is.
Any scripts out there or tools that can do this would be greatly appreciated.
Regards,
Doug Stratton, Shared Service BC
Service Desk Email: 77000@gov.bc.ca
Service Desk Tel: (250)387-7000
CONFIDENTIALITY NOTICE: This message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
No comments:
Post a Comment