#1 Important field missing in log records

closed
nobody
None
5
2002-07-14
2002-03-15
Anonymous
No

I think NTsyslog is quite comparable with
EventReporter.

But, I have got a format, which is not sufficient, in
my opinion.

There is an example of a record on the ntsyslog page:

Oct 18 21:37:34 test1.sabernet.net security[success]
Successful Logon: User
Name:Administrator Domain:TEST1 Logon ID:
(0x0,0x36D166) Logon Type:7 Logon Process
:User32 Authentication Package:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Work
station Name:TEST1

But the format I've got on my W2K Workstation is like
this:

Oct 18 21:37:34 security[success] EventID: 0x210
Administrator TEST1 (0x0,0x36D166) 7 User32
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 TEST1

Is it a feature or a configuration issue?

Thank you !

Pavel Wolf
Radiomobil, a.s.
wolfp@radiomobil.cz
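
Added example, not part of the original report and not NTsyslog code: a Python normalizer that accepts both record layouts quoted above and flags what each one lacks (hostname, field labels, EventID), so a collector can still attribute the logon. The field order for EventID 0x210 is an assumption inferred by lining up the two quoted records; `normalize`, `LOGON_FIELDS` and `POSITIONAL` are hypothetical names.

```python
import re

# Field order for EventID 0x210, inferred by lining up the two records quoted
# in the report (an assumption, not taken from NTsyslog documentation).
LOGON_FIELDS = ["User Name", "Domain", "Logon ID", "Logon Type",
                "Logon Process", "Authentication Package", "Workstation Name"]
POSITIONAL = {0x210: LOGON_FIELDS}
HEADER = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"
    r"(?:(?P<host>\S+)\s+)?(?P<log>\w+)\[(?P<result>\w+)\]\s+"  # host is optional
    r"(?P<body>.*)", re.S)
EVENT_ID = re.compile(r"EventID:\s*(0x[0-9A-Fa-f]+)\s*(.*)", re.S)

def normalize(record):
    """Return one dict shape for both record layouts, noting what was missing."""
    m = HEADER.match(record.strip())
    if m is None:
        raise ValueError("not an NTsyslog-style record")
    out = {k: m.group(k) for k in ("ts", "host", "log", "result")}
    out.update(event_id=None, fields={}, missing=[])
    if out["host"] is None:
        out["missing"].append("host")
    body = m.group("body")
    ev = EVENT_ID.match(body)
    if ev:
        # Short layout: bare values whose meaning depends on EventID and position.
        out["event_id"] = int(ev.group(1), 16)
        values = ev.group(2).split()
        names = POSITIONAL.get(out["event_id"])
        if names and len(values) == len(names):
            out["fields"] = dict(zip(names, values))
        else:
            out["missing"].append("labels")  # unknown event or a value with spaces
    else:
        # Labelled layout: pull each "Label:value" pair, tolerating stray spaces.
        out["missing"].append("event_id")
        for name in LOGON_FIELDS:
            hit = re.search(name.replace(" ", r"\s+") + r"\s*:\s*(\S+)", body)
            if hit:
                out["fields"][name] = hit.group(1)
    return out

# Constructed samples: the two records from the report, with line wraps rejoined.
LABELLED = ("Oct 18 21:37:34 test1.sabernet.net security[success] Successful "
            "Logon: User Name:Administrator Domain:TEST1 Logon ID:(0x0,0x36D166) "
            "Logon Type:7 Logon Process:User32 Authentication Package:"
            "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name:TEST1")
SHORT = ("Oct 18 21:37:34 security[success] EventID: 0x210 Administrator TEST1 "
         "(0x0,0x36D166) 7 User32 MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 TEST1")
```

When a positional value contains a space (for example a two-word user name), the value count no longer matches and the record is reported with `labels` missing rather than mapped to the wrong fields.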

Discussion

  • Nobody/Anonymous

    Logged In: NO

    I know it's stupid and useless, but here's some Kixtart
    script that gets the appropriate values lodged in the
    registry:

    ; Values Syslog and Syslog1 under the SaberNet key hold the two addresses
    AddKey("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet")
    AddKey("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet","Syslog","132.15.82.89","REG_SZ")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet","Syslog1","132.15.80.86","REG_SZ")

    ; One subkey per event log; each event type is a REG_DWORD set to 1
    AddKey("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System","Information","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System","Warning","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System","Error","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System","Audit Success","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\System","Audit Failure","1","REG_DWORD")

    AddKey("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security","Information","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security","Warning","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security","Error","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security","Audit Success","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Security","Audit Failure","1","REG_DWORD")

    AddKey("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application","Information","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application","Warning","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application","Error","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application","Audit Success","1","REG_DWORD")
    WriteValue("HKEY_LOCAL_MACHINE\SOFTWARE\SaberNet\Syslog\Application","Audit Failure","1","REG_DWORD")

     
  • Jason Rhoads

    Jason Rhoads - 2002-07-14
    • status: open --> closed
     
  • Jason Rhoads

    Jason Rhoads - 2002-07-14

    Logged In: YES
    user_id=330283

    The latest version logs in the expected format and includes
    the EventID

     
