Reviewing event logs is one of the most important of the tasks and one of the
most ignored. NT Objectives' NTLast is a utility needed
in any Windows NT administrators tool box. NTLast is a command-line tool that
searches local and remote NT security event logs to display entries in an
easy-to-read onscreen report. NTLast can open and review archived event logs and
pipe output to a text file. For IIS admins, NTLast can distinguish between local
console logons and remote network logons and can filter and display Microsoft
Internet Information Server (IIS) logons.
NTLast supports a wide variety of command-line switches, for example, -f
tells NTLast to display all failed logon attempts in the security event logs.
Check it out : NTLast
Frank Heyne has made available a Windows NT
Eventlog FAQ .