Archive for June, 2007
Analyze your scan log files
Jun 18th
As IT security pros we often scan many different networks and use different commands to perform the job. At the end we have dozens of log files which we need to analyze.
A couple of days ago I installed a nice tool developed by Microsoft called LogParser. It has some neat features for querying different data sources.
I played with it and came up with some nice command lines.
Put all your logs into the C:\Scans\ directory and make sure they all have the same extension, e.g. .log or .txt.
Go to CMD and paste the following command line:
C:\Tools\LogParser2.2>LogParser.exe -i:textline "select text from C:\Scans\*.log where text like '%VUL%'" -o:CSV
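The same query in Python, for reviewing scan logs on a machine without LogParser. This is an added example, not part of the original post. It also reports the source file and line number of each hit; the column names, the case-insensitive match and the sample log lines are assumptions of the example.

```python
import csv
import glob
import io
import pathlib
import re
import tempfile


def like_to_regex(pattern):
    # SQL LIKE wildcards: % matches any run of characters, _ exactly one.
    body = "".join({"%": ".*", "_": "."}.get(ch, re.escape(ch)) for ch in pattern)
    # Case-insensitive matching is an assumption made for this example.
    return re.compile(body, re.IGNORECASE)


def query_logs(file_glob, like_pattern):
    # Return (file name, 1-based line number, text) for each matching line.
    rx = like_to_regex(like_pattern)
    rows = []
    for path in sorted(glob.glob(file_glob)):
        with open(path, encoding="utf-8", errors="replace") as fh:
            for index, line in enumerate(fh, start=1):
                text = line.rstrip("\r\n")
                if rx.fullmatch(text):
                    rows.append((pathlib.Path(path).name, index, text))
    return rows


def to_csv(rows):
    # csv.writer quotes commas and double quotes that appear in log text.
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["LogFilename", "Index", "Text"])
    writer.writerows(rows)
    return buf.getvalue()


def demo():
    samples = {  # constructed sample data, not real scanner output
        "hostA.log": "Port 445 open\nVULNERABLE: SMB signing disabled, relay possible\n",
        "hostB.log": "Port 22 open\nNo issues found\nssl check: vul \"weak cipher\"\n",
    }
    with tempfile.TemporaryDirectory() as scans:
        for name, body in samples.items():
            pathlib.Path(scans, name).write_text(body, encoding="utf-8")
        return query_logs(str(pathlib.Path(scans, "*.log")), "%VUL%")


if __name__ == "__main__":
    print(to_csv(demo()), end="")
```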
SMS Report – Delete Computer Object
Jun 13th
This report will delete a computer object from the SMS database. Use this report if you restage a computer with the same name. The normal process takes more than 30 days to age out the stale record.
// *********************************************************************************
//
// Created by SMS Export object wizard
//
// Thursday, May 31, 2007 created
//
// File Name: Delete Computer Object.MOF
//
// Comments :
//
//
// *********************************************************************************
// ***** Class : SMS_Report *****
[SecurityVerbs(140551)]
instance of SMS_Report
{
Category = "Networknet-LocalIT tasks";
Comment = "Author:Ivan1980@Networknet.nl
\nCreate date: 5/30/2007
\nDescription: This report will delete a computer object from the SMS database. Use this report if you restage a computer with the same name. Normal process will take more than 30days to age to stale the record.
\n
\nNote: Select the computer you will restage and click Display. When report is displayed it will show 0 rows!";
GraphXCol = 1;
GraphYCol = 2;
MachineDetail = FALSE;
MachineSource = FALSE;
Name = "Delete Computer Object";
NumPrompts = 1;
RefreshInterval = 0;
ReportParams = {
instance of SMS_ReportParameter
{
AllowEmpty = FALSE;
DefaultValue = "";
PromptText = "Computername";
SampleValueSQL = "begin
\n if (@__filterwildcard = '')
\n SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS ORDER By SYS.Netbios_Name0
\n else
\n SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS
\n WHERE SYS.Netbios_Name0 like @__filterwildcard
\n ORDER By SYS.Netbios_Name0
\nend";
VariableName = "comp";
}};
SecurityKey = "";
SQLQuery = "exec sp_RemoveComputerObject1 @comp";
StatusMessageDetailSource = FALSE;
};
// ***** End *****

