W2K Server Resource Kit includes CyberSafe Log Analyst (CLA) which is a
Microsoft Management Console (MMC) snap-in that lets you analyze the Security
logs of the systems in your domain. CLA has prebuilt reports that provide useful
views of security activity, but you can design custom reports. To install CLA,
run \apps\loganalyst\setup.exe on the CD-ROM. This
creates a shortcut in Administrative Tools.
Using CLA is a three-step process.
- Tell CLA which event logs to analyze. To test CLA, copy the local system's
current event log by right-clicking Logs to be Analyzed
and selecting Cut Live Local Event Log. To run reports
on the merged activity of multiple systems, use Event Viewer to save each
system's event log to an .evt file. After saving the logs, add them to CLA by
selecting Add Event Log File from the Logs to be Analyzed context menu.
- To import selected logs into CLA's native format, select Analyze from the Logs to be Analyzed context menu.
- Select and generate the desired report from the Report Templates folder.
activity. Not bad for one of many utilities in the resource kit.