W2K CyberSafe Event Log Analyzer

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

The W2K Server Resource Kit includes CyberSafe Log Analyst (CLA), a Microsoft Management Console (MMC) snap-in that lets you analyze the Security logs of the systems in your domain. CLA ships with prebuilt reports that provide useful views of security activity, and you can also design custom reports. To install CLA, run \apps\loganalyst\setup.exe on the CD-ROM. Setup creates a shortcut in Administrative Tools.

Using CLA is a three-step process.

  • Tell CLA which event logs to analyze. To test CLA, copy the local system's current event log by right-clicking Logs to be Analyzed and selecting Cut Live Local Event Log. To run reports on the merged activity of multiple systems, use Event Viewer to save each system's event log to an .evt file. After saving the logs, add them to CLA by selecting Add Event Log File from the Logs to be Analyzed context menu.
  • To import selected logs into CLA's native format, select Analyze from the Logs to be Analyzed context menu.
  • Select and generate the desired report from the Report Templates folder.

CLA generates sophisticated reports that give an enterprise view of activity. Not bad for one of many utilities in the resource kit.
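
As an added illustration (not CLA's code and not part of the original article), the Python sketch below shows what merging several saved .evt files involves: it reads the legacy EVENTLOGRECORD layout and builds one timeline across systems. The host names, timestamps and records are constructed sample data, and event IDs 528 and 529 (W2K logon success and failure) are chosen for the sample.

```python
import struct
from collections import Counter

# Fixed 56-byte EVENTLOGRECORD header (little-endian), as declared in winnt.h.
HDR = struct.Struct("<6I4H6I")
SIGNATURE = 0x654C664C  # "LfLe", the second DWORD of every record

def _wstr(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, offset past the NUL)."""
    end = off
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2

def parse_records(blob):
    """Yield (time_generated, computer, event_id) for each record in raw .evt bytes."""
    pos = 0
    while pos + HDR.size <= len(blob):
        f = HDR.unpack_from(blob, pos)
        if f[1] != SIGNATURE or f[0] < HDR.size + 4 or pos + f[0] > len(blob):
            pos += 4  # not a whole record (header, padding, damage): resync
            continue
        rec = blob[pos:pos + f[0]]
        _source, off = _wstr(rec, HDR.size)
        computer, _ = _wstr(rec, off)
        yield f[3], computer, f[5] & 0xFFFF  # low word of EventID is the event code
        pos += f[0]

def merged_report(logs):
    """Merge several saved logs into one timeline plus per-computer event counts."""
    timeline = sorted(e for blob in logs for e in parse_records(blob))
    return timeline, Counter((computer, eid) for _, computer, eid in timeline)

def make_record(num, when, event_id, computer, source="Security"):
    """Build one constructed record (no SID, strings or data) for this demo."""
    names = (source + "\0" + computer + "\0").encode("utf-16-le")
    end = HDR.size + len(names)
    length = end + 4 + (-(end + 4) % 4)  # trailing length DWORD, DWORD-aligned
    hdr = HDR.pack(length, SIGNATURE, num, when, when, event_id,
                   0, 0, 0, 0, 0, end, 0, end, 0, end)
    return hdr + names + b"\0" * (length - end - 4) + struct.pack("<I", length)

# Constructed sample data standing in for two systems' saved Security logs.
DC01 = make_record(1, 1082450000, 529, "DC01") + make_record(2, 1082450060, 528, "DC01")
WEB01 = b"\0" * 8 + make_record(1, 1082450030, 529, "WEB01")

if __name__ == "__main__":
    for row in merged_report([DC01, WEB01])[0]:
        print(*row)
```

Sorting on the record's own TimeGenerated field is what makes the merged view useful: failed logons on different hosts line up in one sequence instead of sitting in separate per-system logs.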
