Firewall Wizards mailing list archives
Re: NT log file format?
From: "Paul M. Cardon" <pmarc () cmg fcnbd com>
Date: Thu, 25 Mar 1999 16:00:43 -0600
""Marcus J. Ranum" <mjr () nfr net>" thus spake unto me:
: Anyone got any pointers to C code for dissecting NT log
: file formats under UNIX? Or is that pretty much an insane/inane
: idea?

I'm not sure how useful that would be. The NT event logs are not self-contained. Most of the data structures are numeric values that reference information both in the registry and application/service dlls to minimize logging storage requirements and to keep the event log language-neutral to facilitate internationalization of text messages. The Event Viewer app performs lookups that return text for the language of the logged on user if available.

However, the data structures used in an event log entry are documented in the header file winnt.h (available with Visual C++) and also in O'Reilly's Windows NT Event Logging.

-paul
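
An added example, not part of the original message or thread: a bounds-checked, endian-independent C parser for one record laid out as the `EVENTLOGRECORD` structure in winnt.h, usable on UNIX. `struct evt`, the function names and the sample record (source, event ID, insertion string) are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define EVT_SIG 0x654c664cu /* Reserved field of every record: "LfLe" */
#define EVT_HDR 56u         /* fixed part of EVENTLOGRECORD (winnt.h) */

struct evt { uint32_t time_gen, event_id; uint16_t type, nstrings;
             char source[32], string0[64]; };

static const uint8_t sample[] = /* constructed 92-byte record */
    "\x5c\0\0\0" "LfLe" "\1\0\0\0" "\0\0\xfa\x36" "\0\0\xfa\x36" "\x11\2\0\0"
    "\x10\0" "\1\0" "\2\0" "\0\0" "\0\0\0\0" "\x50\0\0\0" "\0\0\0\0"
    "\x50\0\0\0" "\0\0\0\0" "\x58\0\0\0"
    "S\0e\0c\0u\0r\0i\0t\0y\0\0\0" "P\0C\0\0\0" "b\0o\0b\0\0\0" "\x5c\0\0\0";

static uint32_t le32(const uint8_t *p)
{ return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Copy NUL-terminated UTF-16LE to ASCII ('?' for non-ASCII) without reading
   past end. out must be zero-filled. Returns 0 if the terminator is missing. */
static int u16copy(const uint8_t *p, const uint8_t *end, char *out, size_t n)
{
    for (size_t i = 0; end - p >= 2; p += 2) {
        unsigned c = p[0] | p[1] << 8;
        if (c == 0) return 1;
        if (i + 1 < n) out[i++] = c < 0x80 ? (char)c : '?';
    }
    return 0;
}

/* Parse the record at buf. Returns its length, or 0 if it is malformed. */
size_t evt_parse(const uint8_t *buf, size_t avail, struct evt *e)
{
    memset(e, 0, sizeof *e);
    if (avail < EVT_HDR + 4) return 0;
    uint32_t len = le32(buf), stroff = le32(buf + 36);
    if (le32(buf + 4) != EVT_SIG || len < EVT_HDR + 4 || len > avail) return 0;
    if (le32(buf + len - 4) != len) return 0;  /* trailing copy of Length */
    const uint8_t *end = buf + len - 4;
    e->time_gen = le32(buf + 12);              /* seconds since 1970 UTC */
    e->event_id = le32(buf + 20);              /* a number, not a message */
    e->type     = (uint16_t)le32(buf + 24);    /* EventType, low 16 bits */
    e->nstrings = (uint16_t)(le32(buf + 24) >> 16);
    if (!u16copy(buf + EVT_HDR, end, e->source, sizeof e->source)) return 0;
    if (e->nstrings && (stroff < EVT_HDR || stroff >= len - 4 ||
        !u16copy(buf + stroff, end, e->string0, sizeof e->string0))) return 0;
    return len;
}
```

Calling `evt_parse(sample, sizeof sample - 1, &e)` returns 92 and yields source `Security`, event ID 529 and insertion string `bob`. The message template that turns those into readable text is not in the record, which is the limitation described in the message above.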