Windows NT Security Event Log Analysis Tool

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Reviewing event logs is one of the most important of the tasks and one of the most ignored. NT Objectives' NTLast is a utility needed in any Windows NT administrators tool box. NTLast is a command-line tool that searches local and remote NT security event logs to display entries in an easy-to-read onscreen report. NTLast can open and review archived event logs and pipe output to a text file. For IIS admins, NTLast can distinguish between local console logons and remote network logons and can filter and display Microsoft Internet Information Server (IIS) logons.

NTLast supports a wide variety of command-line switches, for example, -f tells NTLast to display all failed logon attempts in the security event logs. Check it out : NTLast

Frank Heyne has made available a Windows NT Eventlog FAQ .

See Also

Featured Links