Hi Toasters,
We keep a database of the most recent logins per user per host system, and we recently added NetApp CIFS logins to this database. I enabled CIFS auditing of logon/logoff events but was dismayed that the resulting *.evt files are in a binary format that only Windows understands. We are pretty Unix-centric, so I did some googling and found a couple of very helpful references for the Windows security event file format and wrote a Perl script to parse and dump the event log files on a Unix box. I have attached the script in case anyone is interested in it.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
Very cool!
-- Sent from my mobile device
On Feb 23, 2008, at 8:24 AM, "Stephen C. Losen" <scl@sasha.acc.virginia.edu> wrote:
Hi Toasters,
We keep a database of the most recent logins per user per host system, and we recently added NetApp CIFS logins to this database. I enabled CIFS auditing of logon/logoff events but was dismayed that the resulting *.evt files are in a binary format that only Windows understands. We are pretty Unix-centric, so I did some googling and found a couple of very helpful references for the Windows security event file format and wrote a Perl script to parse and dump the event log files on a Unix box. I have attached the script in case anyone is interested in it.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
<dumpevt.pl>