Windows NT Security Event Log Analysis Tool

  • Section(s): Event Logs
  • Published on Apr 20, 2004.
  • Last Modified on Apr 20, 2004.
  • Last Modified by Wayne Maples.
  • Rated 4.7 out of 5 based on 3 votes.
Reviewing event logs is one of the most important of the tasks and one of the most ignored. NT Objectives' NTLast is a utility needed in any Windows NT administrators tool box. NTLast is a command-line tool that searches local and remote NT security event logs to display entries in an easy-to-read onscreen report. NTLast can open and review archived event logs and pipe output to a text file. For IIS admins, NTLast can distinguish between local console logons and remote network logons and can filter and display Microsoft Internet Information Server (IIS) logons.

NTLast supports a wide variety of command-line switches, for example, -f tells NTLast to display all failed logon attempts in the security event logs. Check it out : NTLast

Frank Heyne has made available a Windows NT Eventlog FAQ .

About Wayne Maples


Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred network administration tool?