Click here to get back home

saving event log to remote machine?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
saving event log to remote machine? David 11-16-2006
Posted by David on November 16, 2006, 1:45 pm
Please log in for more thread options
 I had read that you were only supposed to be able to save event logs (.evt
format) to the local hard drive. However I was just able to save to remote
machine using mapped drive and a UNC path? This was done from windows server
2k3 sp1. Maybe this change was with sp1? anyone know?

I also cross-posted to the cert groups because I was wondering how to handle
this type of thing on a test... for example, book says you can't, hands on
testing says you can....



Posted by Bill Frisbee on November 17, 2006, 12:16 am
Please log in for more thread options
 David,

The Windows Resource Kit has a tool called elogdump which does this, but
PsLogList does this just fine.

http://www.microsoft.com/technet/sysinternals/Security/PsLogList.mspx

Either one works fine.

Bill F.

>I had read that you were only supposed to be able to save event logs (.evt
>format) to the local hard drive. However I was just able to save to remote
>machine using mapped drive and a UNC path? This was done from windows
>server 2k3 sp1. Maybe this change was with sp1? anyone know?
>
> I also cross-posted to the cert groups because I was wondering how to
> handle this type of thing on a test... for example, book says you can't,
> hands on testing says you can....
>


Posted by Karl Levinson, mvp on November 20, 2006, 11:25 am
Please log in for more thread options
>I had read that you were only supposed to be able to save event logs (.evt
>format) to the local hard drive. However I was just able to save to remote
>machine using mapped drive and a UNC path? This was done from windows
>server 2k3 sp1. Maybe this change was with sp1? anyone know?
>
> I also cross-posted to the cert groups because I was wondering how to
> handle this type of thing on a test... for example, book says you can't,
> hands on testing says you can....

I believe you've always been able to *export* / save the event log file to a
network drive.

I would expect the cert question would be asking whether you can permanently
*move* the location of the original log file to a network drive, which you
should not be able to do.


--
kind regards,
Karl Levinson, MS MVP
Security FAQ site:
http://securityadmin.info




Similar ThreadsPosted
Any Way To Get Machine Name for Client in Event ID 560? November 13, 2005, 6:38 pm
Determine User Logged Into Remote Machine December 8, 2005, 2:46 am
Remote event viewer access without being an admin? April 28, 2008, 5:04 pm
Win Policies+Saving to desktop January 1, 2007, 1:11 pm
daylight saving time (DST) February 27, 2007, 5:01 pm
Saving a Windows 2003 Firewall Configuration? December 15, 2006, 11:28 pm
NON STOP Event log -event id 538,540,576 September 2, 2007, 11:44 pm
Re: NON STOP Event log -event id 538,540,576 October 2, 2007, 2:44 pm
Machine does not respond. June 28, 2005, 12:42 pm
Security within Virtual Machine December 5, 2005, 6:16 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap