23 Feb
2008
23 Feb
'08
4:24 p.m.
Hi Toasters,
We keep a database of the most recent logins per user per host system and we recently added netapp CIFS logins to this database. I enabled CIFS auditing of logon/logoff events but was dismayed that the resulting *.evt files are in a binary format that only Windows understands. We are pretty Unix-centric so I did some googling and found a couple of very helpful references for the Windows security event file format and wrote a perl script to parse and dump the event log files on a Unix box. I have attached the script in case anyone is interested in it.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support