Windows 2000 Logs

  • Thread starter Thread starter Peter
  • Start date Start date
P

Peter

Hi all.

This may sound a bit stupid, but is there a way of having Windows 2000
log to a file in the style of unix messages logging?

I don't mind paying for a software that does it.

Thanks in advance.

Peter.
 
You don't have access to a unix or Linux system?

OK, What I see in /var/log/messages, almost every action related to
networking.



Aug 3 04:02:01 <hostname> syslogd 1.4.1: restart.
Aug 3 04:03:06 <hostname> popper[20327]: (v4.0.3) POP login by user
"<user>" at <remote host name> <RemoteIP>
..
..
..
Aug 3 15:15:52 <hostname>ftpd[28461]: USER root2
Aug 3 15:15:52 <hostname> ftpd[28461]: PASS password
Aug 3 15:15:52 <hostname> ftpd[28461]: FTP LOGIN FROM <remote host
name> <RemoteIP>
Aug 3 15:15:52 <hostname> ftpd[28461]: CWD /var/log/
Aug 3 15:15:52 <hostname> ftpd[28461]: PWD
Aug 3 15:15:52 <hostname> ftpd[28461]: PASV
Aug 3 15:15:52 <hostname>ftpd[28461]: LIST
Aug 3 15:16:00 <hostname> ftpd[28461]: DELE poplog
Aug 3 15:16:00 <hostname> ftpd[28461]: root2 of <remote host name>
<RemoteIP> deleted /var/log/poplog
..
..
..
..

Is there a function in Windows or even a third party software that does
this?

Thanks again.





Log what?

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]

Peter said:
Hi all.

This may sound a bit stupid, but is there a way of having Windows 2000
log to a file in the style of unix messages logging?

I don't mind paying for a software that does it.

Thanks in advance.

Peter.
Click to expand...
Click to expand...
 
How?
I tried the Performance monitors and counters, in the computer
management, and all it did, is counting in an incomprehensible figures,
that I have either to specify a csv file or use a command line program
to convert into readable text.

If it is there, I am unable to find it.


Dave Patrick said:
You may get the desired result by turning on some level of auditing.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]

Peter said:
You don't have access to a unix or Linux system?

OK, What I see in /var/log/messages, almost every action related to
networking.



Aug 3 04:02:01 <hostname> syslogd 1.4.1: restart.
Aug 3 04:03:06 <hostname> popper[20327]: (v4.0.3) POP login by user
"<user>" at <remote host name> <RemoteIP>
.
.
.
Aug 3 15:15:52 <hostname>ftpd[28461]: USER root2
Aug 3 15:15:52 <hostname> ftpd[28461]: PASS password
Aug 3 15:15:52 <hostname> ftpd[28461]: FTP LOGIN FROM <remote host
name> <RemoteIP>
Aug 3 15:15:52 <hostname> ftpd[28461]: CWD /var/log/
Aug 3 15:15:52 <hostname> ftpd[28461]: PWD
Aug 3 15:15:52 <hostname> ftpd[28461]: PASV
Aug 3 15:15:52 <hostname>ftpd[28461]: LIST
Aug 3 15:16:00 <hostname> ftpd[28461]: DELE poplog
Aug 3 15:16:00 <hostname> ftpd[28461]: root2 of <remote host name>
<RemoteIP> deleted /var/log/poplog
.
.
.
.

Is there a function in Windows or even a third party software that does
this?

Thanks again.
Click to expand...
Click to expand...
 
Control Panel|Admin Tools|Local Security Policy|Security Settings\Local
Policy\Audit Policy
 
Back
Top