[Chicago-talk] Windows event Logs
Darren.Young at ChicagoGSB.edu
Fri Feb 8 12:48:50 PST 2008
Anyone here messed with gathering Windows event log data? From what I
can find I have 2 options for this: native Perl Win32::EventLog, or open
dumpel.exe and read from it.
What I need are event 540s from the security log (successful network
logon events) for the previous day, which will be parsed and stored in a
SQL table. Each AD DC stores 2 days' worth of logs (10 DCs globally),
with several hundred thousand of these events on each DC each day.
Dumpel.exe takes a "days" switch for how far back to dump, whereas I don't
see any such option for Win32::EventLog, but then, I've never actually used it.
I'm wondering if anyone here has done this and might have some
suggestions. Perl 5.8 on Windows 2003.
Systems & Security Architect
5807 South Woodlawn Avenue
Chicago, IL 60637
Voice 773.702.0331 | Fax 773.702.0233
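One way to do the "previous day" filter with Win32::EventLog, as an added example that is not part of the original post. Win32::EventLog has no "days" switch, but the Security log is read newest-first and events are handed back with TimeGenerated as epoch seconds, so the script computes the local-time boundaries of yesterday, skips today's records, and stops at the first record older than yesterday. The DC name, the 540 replacement-string positions and the output columns are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the original post: pull yesterday's event
# 540s (successful network logons) out of one DC's Security log with
# Win32::EventLog. Read newest-first, stop once past 00:00 of yesterday.
# The DC name and the columns kept are assumptions.
use strict;
use warnings;
use POSIX qw(mktime strftime);
use Win32::EventLog;

my $server = shift @ARGV || 'dc01';   # assumed DC name; '' means the local machine
my $want   = 540;                     # Windows 2003 successful network logon

# Local-time boundaries of "the previous day". mktime() normalises an
# out-of-range day-of-month (day 0 is the last day of the previous month),
# so month rollover and DST changes are handled for us.
my @now   = localtime();
my $end   = mktime(0, 0, 0, $now[3],     $now[4], $now[5]);  # 00:00 today
my $start = mktime(0, 0, 0, $now[3] - 1, $now[4], $now[5]);  # 00:00 yesterday

# Leave $Win32::EventLog::GetMessageText off: resolving the message text
# for several hundred thousand records per DC is far slower than reading
# the replacement strings directly, and 540 carries what we need there.
my $log = Win32::EventLog->new('Security', $server)
    or die "Cannot open Security log on $server: $^E\n";

my (%rec, @rows, $seen);
# Newest record first; EVENTLOG_SEQUENTIAL_READ continues from the last one.
while ($log->Read(EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ, 0, \%rec)) {
    $seen++;
    my $t = $rec{TimeGenerated};            # epoch seconds
    next if $t >= $end;                     # still today, keep walking back
    last if $t <  $start;                   # before yesterday: all older from here on
    # EventID is the full 32-bit value (severity/facility bits included);
    # the low 16 bits are the number Event Viewer shows.
    next unless ($rec{EventID} & 0xFFFF) == $want;

    # Replacement strings are NUL-separated, in the order the event's
    # description template lists them. For 2003's 540 that is: User Name,
    # Domain, Logon ID, Logon Type, Logon Process, Authentication Package,
    # Workstation Name, ..., Source Network Address, Source Port. The
    # positions below are an assumption; check them against one dumped
    # record before trusting them.
    my @s = split /\0/, $rec{Strings};
    push @rows, {
        time        => strftime('%Y-%m-%d %H:%M:%S', localtime $t),
        dc          => $rec{Computer},
        record      => $rec{RecordNumber},
        user        => $s[0],
        domain      => $s[1],
        logon_type  => $s[3],
        workstation => $s[6],
        source_ip   => $s[13],
    };
}
$log->Close();

# Tab-separated output, one row per 540, for a bulk load into the SQL
# table (column set is an assumption).
my @cols = qw(time dc record user domain logon_type workstation source_ip);
print join("\t", @cols), "\n";
for my $r (@rows) {
    print join("\t", map { defined $_ ? $_ : '' } @{$r}{@cols}), "\n";
}
warn sprintf("%s: scanned %d records, kept %d event %d(s)\n",
             $server, $seen || 0, scalar @rows, $want);
```

Run it once per DC (one argument each) from a scheduled task that fires early in the day, since with only two days of retention a missed run loses the window. The day boundaries come from the collecting machine's clock, so DCs in other time zones are cut at the same absolute instants rather than at their own local midnight; compute them on the DC instead if per-DC calendar days are what the table should hold. Because today's records are walked before yesterday's are reached, the later in the day this runs the more it reads for nothing; reading with EVENTLOG_SEEK_READ from a saved RecordNumber is the usual way to avoid that once the first run has established where yesterday ends.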