Forum

Ultimate Windows Security Forum » IT Audit » Windows Server » How to easily obtain Event Log activity...

How to easily obtain Event Log activity...

Rate Topic

Display Mode

Topic Options

Author

Message

ottermaton

Posted 5/1/2009 5:17:48 PM

Forum Newbie

Group: Forum Members
Last Login: 5/1/2009 5:12:07 PM
Posts: 4, Visits: 0

How much log data and/or how many events is a given server creating in a typical day? In a typical week? At its peak moment (Monday morning)?

This question is of particular interest for Domain Controllers, and I don't know the answer. Are there any built-in Windows tools or interfaces for displaying this type of data? Or any simple (and free) third party tools for doing so?

Post #84

RandyFranklinSmith

Posted 5/2/2009 6:50:46 PM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 326, Visits: 0

I would suggest logparser; you will need to use the count(*) function and the group by clause.

The command will be something close to

logparser "select TimeGenerated, count(*) from security group by TimeGenerated"

But you will need to use the substring function on TimeGenerated to chop off the time and leave just the date. You can download logparser at http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en and there are examples of its use all over the Internet.

Post #86

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 9:50am

Upcoming Webinars

AD Audits: Top 7 Questions to Answer When Auditors Look at Account Management and Access Control in Active Directory

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.