18 06 2007
As IT security pros we often scan many different networks and use different commands to perform the job. At the end we have dozens of log files which we need to analyze.
A couple of days ago I installed a nice tool developed by Microsoft called LogParser. It has some neat features for querying different data sources.
I played with it and came up with some nice command lines.
a) Put all your logs into C:\Scans\ directory and make sure they all have the same extension e.g. .log or .txt
b) Go to CMD and paste the following command line
C:\Tools\LogParser2.2>LogParser.exe -i:textline "select text from C:\Scans\*.log where text like '%VUL%'" -o:CSV
13 06 2007
This report will delete a computer object from the SMS database. Use this report if you restage a computer with the same name. The normal process takes more than 30 days to age out the stale record.
// *********************************************************************************
//
// Created by SMS Export object wizard
//
// Thursday, May 31, 2007 created
//
// File Name: Delete Computer Object.MOF
//
// Comments :
//
//
// *********************************************************************************

// ***** Class : SMS_Report *****
[SecurityVerbs(140551)]
instance of SMS_Report
{
    Category = "Networknet-LocalIT tasks";
    // Adjacent string literals are concatenated; each "\n" is a line break in the report comment.
    Comment = "Author:Ivan1980@Networknet.nl"
        "\nCreate date: 5/30/2007"
        "\nDescription: This report will delete a computer object from the SMS database. Use this report if you restage a computer with the same name. Normal process will take more than 30days to age to stale the record."
        "\n"
        "\nNote: Select the computer you will restage and click Display. When report is displayed it will show 0 rows!";
    GraphXCol = 1;
    GraphYCol = 2;
    MachineDetail = FALSE;
    MachineSource = FALSE;
    Name = "Delete Computer Object";
    NumPrompts = 1;
    RefreshInterval = 0;
    ReportParams = {
    instance of SMS_ReportParameter
    {
        AllowEmpty = FALSE;
        DefaultValue = "";
        PromptText = "Computername";
        // Fills the prompt's value list from v_R_System, filtered by the wildcard when one is entered.
        SampleValueSQL = "begin"
            "\n if (@__filterwildcard = '')"
            "\n SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS ORDER By SYS.Netbios_Name0"
            "\n else"
            "\n SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS"
            "\n WHERE SYS.Netbios_Name0 like @__filterwildcard"
            "\n ORDER By SYS.Netbios_Name0"
            "\nend";
        VariableName = "comp";
    }};
    SecurityKey = "";
    // Displaying the report runs the stored procedure sp_RemoveComputerObject1 with the selected
    // computer name (@comp); the procedure itself is not defined in this file.
    SQLQuery = "exec sp_RemoveComputerObject1 @comp";
    StatusMessageDetailSource = FALSE;
};
// ***** End *****