Network security is no longer an afterthought as it once was for many administrators. An increasing number of administrators are finding themselves involved in various security audits and spending large chunks of their shrinking IT budgets on security auditing tools. Administrators must sift through countless event logs just to answer basic questions about their networks' security.
Auditing event logs is a tedious but important task. Unfortunately, many of us aren't accustomed to saving event logs, so we end up with incomplete data that we must try to use to generate meaningful and accurate reports. The solution, at least going forward, is to automate the process of saving event logs and to create a useful and inexpensive way to generate reports from these logs. In this first article of a two-part series about event-log auditing, I step you through a script that dumps the Security logs for specified servers and saves the output as text files for later processing. In the next article, I'll describe a script to process these log dumps to create an audit of logons and logoffs based on usernames and date ranges. . . .