Real time Windows event log viewing in linux

b4rtm4n (Trusted SF Member, joined 26 May 2002, Location: Bi Mon Sci Fi Con)

Posted: Fri Jun 13, 2003 4:23 pm    Post subject: Real time Windows event log viewing in linux

Does anyone know of a tool to watch NT/2k eventlogs in real time under linux?

Without installing syslog on the windows machines Wink

Tried wine and samba options so far but not making much progress.

Cheers
-linux_lad (Trusted SF Member, joined 11 Apr 2003, Location: California)

Posted: Sat Jun 14, 2003 7:43 pm    Post subject: Re: Real time Windows event log viewing in linux

b4rtm4n wrote:
Does anyone know of a tool to watch NT/2k eventlogs in real time under linux?

Without installing syslog on the windows machines Wink

Tried wine and samba options so far but not making much progress.

Cheers


Assuming you want to look at win logs from your windows workstation. If not, just reverse the procedure:
The event logs are nothing but text, just pipe them to a shell and refresh every few seconds (assuming you don't want to use VNC). If you wanted to get really fancy, you could stream video from the desktop through the webserver to a java-based cam daemon, so any time you wanted to see the event log, you just fire up the web page from your linux machine or wherever. If you do this, run it on a secure virtual desktop so passers-by can't see what you're up to, and of course, password protect the page.
b4rtm4n (Trusted SF Member, joined 26 May 2002, Location: Bi Mon Sci Fi Con)

Posted: Sat Jun 14, 2003 10:19 pm    Post subject: Re: Real time Windows event log viewing in linux

-linux_lad wrote:
If you wanted to get really fancy, you could stream video from the desktop through the webserver to a java-based cam daemon, so any time you wanted to see the event log, you just fire up the web page from your linux machine or wherever. If you do this, run it on a secure virtual desktop so passers-by can't see what you're up to, and of course, password protect the page.


Heh! Bit too complex! Still needs to install sommit on the windows system.

The windows event logs are binary tho. u normally have to save em from the event viewer as text to use em that way. It's only the web server logs that are natively text.
-linux_lad (Trusted SF Member, joined 11 Apr 2003, Location: California)

Posted: Sat Jun 14, 2003 11:28 pm    Post subject: Re: Real time Windows event log viewing in linux

b4rtm4n wrote:
Heh! Bit too complex! Still needs to install sommit on the windows system.
The windows event logs are binary tho. u normally have to save em from the event viewer as text to use em that way. It's only the web server logs that are natively text.

Most big organizations use dumpel and store all events in a database. You can get the encoding protocol out of the sdk or download one of many macros for conversion from .evt to word or excel, or you can use dumpel. This little tool takes the .evt files and pukes out delimited plaintext very fast and can be automated. It's free for download from MS (or used to be) and I'm pretty sure it's on the resource CD. If not, I have a copy and instructions that I can send to you. You'll never go back to that clumsy event viewer after the first time you use dumpel.
Weaver (Trusted SF Member, joined 04 Jan 2003, Location: WI, USA)

Posted: Mon Jun 16, 2003 8:47 pm

Take that dumpel program and pipe the output to netcat, have another netcat session listening on the linux box. Seems pretty simple, however I have never used dumpel.

-Weaver
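The Linux side of the "dumpel piped to netcat" idea from the two posts above, as an added example that is not code from the thread or from Microsoft's dumpel: a small receiver that accepts the netcat stream, parses dumpel-style tab-delimited event lines and flags the errors and failed audits a defender would want to see as they arrive. The field order (date, time, type, category, event id, source, user, computer, strings), the numeric type codes, and the `dumpel -l security -t` invocation in the usage note are my recollection of dumpel's format and should be checked against the copy you have; the sample lines are constructed.

```python
# Added example, not from the thread or from dumpel itself: Linux-side receiver
# for "dumpel ... | nc <linuxhost> 9999". Parses dumpel-style tab-delimited
# lines and flags the entries worth watching in real time.
#
# Assumed dumpel field layout (verify against your build):
#   date, time, type, category, event id, source, user, computer, strings...
import socket
import sys
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Assumed mapping of dumpel's numeric event type codes to names.
EVENT_TYPES = {
    "1": "Error",
    "2": "Warning",
    "4": "Information",
    "8": "Success Audit",
    "16": "Failure Audit",
}


@dataclass
class Event:
    date: str
    time: str
    type_name: str
    category: str
    event_id: int
    source: str
    user: str
    computer: str
    message: str


def parse_dumpel_line(line: str) -> Optional[Event]:
    """Parse one tab-delimited dumpel line; return None for blank or malformed lines."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) < 8:
        return None
    try:
        event_id = int(fields[4])
    except ValueError:
        return None
    return Event(
        date=fields[0],
        time=fields[1],
        type_name=EVENT_TYPES.get(fields[2], f"Unknown({fields[2]})"),
        category=fields[3],
        event_id=event_id,
        source=fields[5],
        user=fields[6],
        computer=fields[7],
        message="\t".join(fields[8:]),  # the strings field may itself contain tabs
    )


def is_interesting(ev: Event) -> bool:
    """Errors and failed audits are the entries worth raising immediately."""
    return ev.type_name in ("Error", "Failure Audit")


def scan_lines(lines: Iterable[str]) -> Tuple[List[Event], List[Event]]:
    """Parse a sequence of lines; return (all parsed events, flagged events)."""
    events = [ev for ev in map(parse_dumpel_line, lines) if ev is not None]
    return events, [ev for ev in events if is_interesting(ev)]


def serve(port: int = 9999, bind: str = "127.0.0.1") -> None:
    """Accept one connection (the Windows side's netcat) and print flagged events.

    Bound to loopback by default; widen `bind` deliberately, since netcat gives
    you neither authentication nor encryption on this stream."""
    with socket.create_server((bind, port)) as srv:
        conn, peer = srv.accept()
        print(f"connection from {peer[0]}", file=sys.stderr)
        # dumpel writes in the Windows ANSI code page, hence cp1252
        with conn, conn.makefile("r", encoding="cp1252", errors="replace") as stream:
            for line in stream:
                ev = parse_dumpel_line(line)
                if ev is not None and is_interesting(ev):
                    print(f"{ev.date} {ev.time} {ev.computer} {ev.source} "
                          f"{ev.event_id} {ev.type_name}: {ev.message}")


# Constructed sample lines in the assumed dumpel layout, for offline use.
SAMPLE_LINES = [
    "6/16/2003\t8:47:00 PM\t4\t0\t6005\tEventLog\tN/A\tWS01\tThe Event log service was started.",
    "6/16/2003\t8:48:12 PM\t16\t2\t529\tSecurity\tNT AUTHORITY\\SYSTEM\tWS01\tLogon Failure: Unknown user name or bad password",
    "6/16/2003\t8:49:30 PM\t1\t0\t7023\tService Control Manager\tN/A\tWS01\tThe service terminated with the following error",
    "not a dumpel line",
]

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--listen":
        serve(int(sys.argv[2]) if len(sys.argv) > 2 else 9999)
    else:
        _, flagged = scan_lines(SAMPLE_LINES)
        for ev in flagged:
            print(ev.computer, ev.event_id, ev.type_name, ev.message)
```

Run it with `--listen 9999` on the Linux box, then on the Windows side something like `dumpel -l security -t | nc linuxhost 9999` (flag names assumed). One caveat for the "real time" goal: dumpel dumps the whole log each time it runs rather than tailing it, so a scheduled re-run will resend entries you have already seen; keying on date, time, computer and event id in the receiver is enough to drop the repeats.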
b4rtm4n (Trusted SF Member, joined 26 May 2002, Location: Bi Mon Sci Fi Con)

Posted: Mon Jun 16, 2003 9:04 pm

Ahhh this looks like sommit I can work with -- cheers guys!