Author Topic: Event log cleanup  (Read 5049 times)
Paul
Newbie
Posts: 7
« on: October 05, 2007, 12:13:58 AM »

I am currently trying to do cleanup within a VBScript. I am trying to clean up the event log. I want to erase only a few select entries within the log. Now, using WMI, this accesses a lot of the calls available from the Win API. I have found that, to no surprise, Windows has locked out this ability. I have tried finding out the current size of the log, resetting the max to this size, then telling the log to delete entries only if they are over 2 years old. Now even when I do this, logging still happens. The only calls I can make or settings I can adjust are:

Call BackupEventLog   (useless)
Call ClearEventLog     (useless... overkill)

Set MaxFileSize
Set OverwriteOutDated

I tried messing with the sets, but it didn't work out after all; I could set them, but it kept on logging.

Does anyone have some insight on tools or methods for event log cleanup?

Thanks!!
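The calls listed above, exercised from a VBScript against the WMI Win32_NTEventlogFile class, as an added example that is not code from the original post. It backs up one log with BackupEventLog, sets MaxFileSize and OverwriteOutDated through Put_, and then reads individual records through Win32_NTLogEvent, which exposes no Delete method. The log name (Application), the backup path (C:\Temp\Application_backup.evt) and the 730-day retention are assumptions for illustration; the (Backup,Security) privileges in the moniker are what BackupEventLog requires, so run it elevated with cscript.

```vbscript
' Added example, not code from the original post. Exercises the
' Win32_NTEventlogFile methods/properties named in the thread
' (BackupEventLog, ClearEventLog, MaxFileSize, OverwriteOutDated) against
' one log, then reads individual records through Win32_NTLogEvent.
' Assumptions (not from the thread): the Application log is the target,
' C:\Temp exists for the backup, and the script runs with admin rights.
Option Explicit

Const LOG_NAME    = "Application"
Const BACKUP_PATH = "C:\Temp\Application_backup.evt"
Const KEEP_DAYS   = 730      ' two years, as in the original attempt
Const SIZE_STEP   = 65536    ' MaxFileSize must be a multiple of 64 KB

Dim objWMI, colLogs, objLog, colEvents, objEvent, lRet, lNewMax, i

' The (Backup,Security) privileges are required by BackupEventLog.
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")
Set colLogs = objWMI.ExecQuery("SELECT * FROM Win32_NTEventlogFile WHERE LogfileName='" & LOG_NAME & "'")

For Each objLog In colLogs
    WScript.Echo "Log file:          " & objLog.Name
    WScript.Echo "FileSize (bytes):  " & objLog.FileSize
    WScript.Echo "MaxFileSize:       " & objLog.MaxFileSize
    WScript.Echo "NumberOfRecords:   " & objLog.NumberOfRecords
    WScript.Echo "OverWritePolicy:   " & objLog.OverWritePolicy
    WScript.Echo "OverwriteOutDated: " & objLog.OverwriteOutDated

    ' 1. BackupEventLog writes a copy of the whole log in .evt format.
    '    Returns 0 on success; the live log is left untouched.
    lRet = objLog.BackupEventLog(BACKUP_PATH)
    WScript.Echo "BackupEventLog -> " & lRet

    ' 2. MaxFileSize / OverwriteOutDated only govern what happens once the
    '    log is full (overwrite records older than KEEP_DAYS); new events
    '    keep being written regardless. Round the size up to the 64 KB
    '    multiple the log service requires, then commit with Put_.
    lNewMax = Int((objLog.FileSize + SIZE_STEP - 1) / SIZE_STEP) * SIZE_STEP
    objLog.MaxFileSize = lNewMax
    objLog.OverwriteOutDated = KEEP_DAYS
    objLog.Put_
    WScript.Echo "MaxFileSize set to " & lNewMax & ", OverwriteOutDated set to " & KEEP_DAYS

    ' 3. ClearEventLog empties the entire log (archiving it first when a
    '    path is given). This is the all-or-nothing option, so it is left
    '    commented out here.
    ' lRet = objLog.ClearEventLog(BACKUP_PATH)
Next

' Individual records are readable through Win32_NTLogEvent, but the class
' has no Delete method: WMI offers no per-entry removal. Show the first five.
Set colEvents = objWMI.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE Logfile='" & LOG_NAME & "'")
i = 0
For Each objEvent In colEvents
    WScript.Echo objEvent.RecordNumber & vbTab & objEvent.TimeGenerated & vbTab & _
                 objEvent.SourceName & vbTab & objEvent.EventCode
    i = i + 1
    If i >= 5 Then Exit For
Next
```

Run it as `cscript //nologo eventlog.vbs` from an elevated prompt. TimeGenerated comes back in CIM DATETIME form (yyyymmddHHMMSS.mmmmmm+UUU), which is the field you would filter on to find the records older than KEEP_DAYS that the overwrite policy will eventually reclaim.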
dean
Guest
« Reply #1 on: October 05, 2007, 04:07:19 PM »

The only tool I can think of offhand is Arne Vidstrom's WinZapper for NT4 AND 2K log files. It's old (written in 2000) and buggy though.

Perhaps the source will give you an idea or direction.

The system.log, etc... are not readable and are written to the .evt format. These files are write protected.

Even if you manage to edit the files you would probably need to restart the event log service and this would be logged.

Cheers,
Dean
Paul
Newbie
Posts: 7
« Reply #2 on: October 05, 2007, 11:57:03 PM »

Dean,

Thanks for the post. WinZapper didn't help much because it won't run on XP/2k3 Server. I checked in Olly to see what it is doing; it does an OS check right off the bat and exits. I am not great in the reversing world and figured a lot has changed in the API since NT4 and 2K, so I didn't want to mess with it.

Windows has the event log locked down to where if the service is stopped your system restarts.

Thanks for the post. Anyone else have any ideas?

-Paul
LSOChris
Guest
« Reply #3 on: October 06, 2007, 03:04:10 AM »

Does this help?

http://www.microsoft.com/technet/sysinternals/Security/PsLogList.mspx
© 2013 The Ethical Hacker Network