If someone asked me to name the administrative tasks that I despise, I would to have to include searching event logs. Using the log-search tools included with most Windows products to find a specific event-log entry requires a combination of skill, guesswork, and luck—and the larger the environment, the more difficult the search. Large organizations tend to solve this problem by using expensive log-consolidation servers, databases, and search tools—a solution that rivals many modern business intelligence (BI) systems and their data-mining efforts. Smaller organizations with limited resources tend to depend on the built-in Event Viewer tools and simple log utilities.
Searching event logs doesn't have to be complicated. The Microsoft TechNet Web site offers a simple, effective utility called EventCombMT as well as event-log searching tips. Best of all, the utility and tips are free. They're part of the Microsoft online guide "Security Operations Guide for Windows 2000 Server" (http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/default.asp). After you go to this Web page, you can download the .zip file (secops.exe) that contains EventCombMT by clicking Download the associated Scripts. (If you want to access secops.exe directly, go to http://www.microsoft.com/downloads/release.asp?releaseid=36834.) Secops.exe contains several utilities; you'll find EventCombMT in the \securityops\eventcomb folder. You can use this handy utility's many options to perform built-in and custom searches. . . .
Register
