Re: Workarounds for Windows Event File corruption

Mario,

> not sure if I understood this correctly but I think you are after logging
> eventlog to syslog and then parsing the syslog for anomalies..there were a
> few projects around that do this, one being:
> http://sourceforge.net/projects/ntsyslog/

This looks like a very useful tool, esp for windows/linux network
integration.  However, this isn't what I am trying to do.

I am trying to take the raw .evt files that windows generates and
convert them into text logs that are meaningful.  There are tons of
tools out there which run on windows to do this, but they all rely on
windows library calls to do the .evt parsing, and message generation.

I'd rather not run windows, whenever possible.

I understand the logging architecture on Windows now, so it is just a
matter of getting the information I need out of the .evt files and other
configs on a mounted windows partition to re-create the same environment
on *ix.

> I would be interested in helping out in this...

If you are still interested, after this clarification, please send me
mail privately and I'll fill you in on the technical nitty-gritty.

thanks!
tim

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com