Event Logs

Using Event Viewer, I can access the event logs on remote PCs

I shall call these PC#1, PC#2, PC#3 and PC#4

On PC#1 I can access application, security and system
On PC#2 I can only access application and system
On PC#3 I can only access application and system
On PC#4 I can not access any

PC#4 could be due to anything so I'm not too botherd about that.

What is stopping me from accessing the security logs on PC#2 and PC#3?
Thanks

I think you need Administrator rights on the PC in question to be able to read the security log.

You will need to log in to the machine as an Admin to set this up for your login - or I guess you could set it via group policy if you use it.

Yes, I was able to do it before on an app I wrote that did this. The user account was an Domain Admin. So there should be security on the security log. :D

The 4th PC is what OS?

Thanks for the replies
The PC#1, PC#3 and PC#4 are all XP pro
PC#2 is Win2K

I'm on XP as well

PC#4 is not actually on the same domain although it is accessible via the network.

I'm actually writing an app for scanning log files extracted using dumpel.exe.

The four PCs I'm currently probing are just ones belonging to other team members. The app will eventually be running on either Win2k, 2003 or XP. in a datacentre.
I just needed to know that I hadn't hit an insurmountable problem...

I'm sure you may already be using this but I have done this already so I know the APIs needed like - ReadEventLog, OpenEventLog, GetNumberOfEventLogRecords, etc.
Let me know if you need anything else. ;)

Oh right! I'll have to check them out.

Thanks

For my app what I did was to backup remote workstations event logs using this API - BackupEventLog to my local pc. Then its easier to open a local event log with less problesm. Perhaps a way around the security log security issue.

Any chance of posting examples RobDog?

Thanks!
:)

Yes, but I'm off to bed (2:30 am :() I'll post it tomorrow. I remember it used the backup as the main way to copy it over to the local machine and save it in text format. Then its easy to read like a text file. :)

Found a great example

http://www.binaryworld.net/Main/Code...deId=3725#copy

Ah, found it. What I did was to use a third party utility (freeware) to export the evt files to a database with its commandline switches. Then query the db to get specific results.

Its called DumpEvt.
Here is an example of the switches:
/logfile=app /outfile=D:\Development\MybckEvt-APP.txt /computer=vb-guru /all >> C:\errors.txt

I also added a feature to save a copy of the evt files using the technique I previously mentioned.