Re: Winxp event viewer

[Vincent Lape <vlape () me com>]

You should be able to save the log files from the log viewer. If you want to try to convert them to stalky format you 
can try using snare or lasso. If you are looking to do some deep searching on the log data I would recommend 
downloading splunk. You can have it pull the data off in several ways WMI, nfs, or agent based. They give a 500mb/ day 
index license away for free. 




On Oct 31, 2010, at 8:45 PM, Dimitrios Kapsalis <dimitrios () gmail com> wrote:

> It is. I was wondering if any tools exists to pull it from there.
>
> Sent from my iPad
>
> On Oct 31, 2010, at 7:37 PM, Vincent Lape <vlape () me com> wrote:
>
> > Should be in the security event log if you have failures turned on. 
> >
> >
> >
> > On Oct 31, 2010, at 2:11 PM, Dimitrios Kapsalis <dimitrios () gmail com> wrote:
> >
> > > Hey all,
> > >
> > > One of my xp home boxes is being bruteforce scanned on ssh port. Anyway to interface with event viewer to harvest 
> > > source IP addresses and usernames attackers are using?
> > >
> > >
> > >
> > > Sent from my iPhone
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com