Announcement

Collapse
No announcement yet.

Exporter Pro / Exporting all security logs

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Guest's Avatar
    Guest replied
    Re: Exporter Pro / Exporting all security logs

    Send some screen shots of how you are running this in Hyena to [email protected] and we'll see if we can duplicate following your examples.

    Leave a comment:


  • thilo
    replied
    Re: Exporter Pro / Exporting all security logs

    Hi,

    through Hyena WITH WMI it is impossible to view only the security event log. But it is possible to view the whole eventlog. the problem is the where clause:

    - no where claus: i get all eventlogs, security, application and system
    - where clause: Logfile = 'Security' => Empty Output file

    best regards,
    Thilo Mohri

    Leave a comment:


  • kstanush
    replied
    Re: Exporter Pro / Exporting all security logs

    I'm still unclear if you are able to view the Security log in Hyena through WMI. There is a Microsoft exception that when viewing the security log, a process must have an advanced right, the SeSecurityPrivilege. You can view which uses have this privilege by looking at the User Rights for any computer. The problem may be that Hyena will explicitly enable this right for an account (or try to), where Exporter Pro does not.

    Check first to see if the account that you are running Hyena under (if using RunAs the account you ran Hyena under) has this right. Its normally only available to Administrators.

    And verify that you can see security event log entries THROUGH WMI in Hyena.

    Thank you.

    Leave a comment:


  • thilo
    replied
    Re: Exporter Pro / Exporting all security logs

    Hi cmccullough,

    thanks for your reply. The problem still exists. I`m using the same settings to get the application logs. i just change the where clause from Logfile = 'Security' to Logfile = 'Application'.

    The thing i am wondering about is that if i dont specify any where clause it works and i get all three log event categories system, security and application. so this cannot a problem with different credentials.

    normally i run exporter pro standalone, but i tested starting it from hyena, same failure here.

    i wrote directly in hyena it is working. but this is just the half truth. it is working if i select it over event log etc. but if i do a wmi query same failures here.

    *confused*

    edit: i tested the query with wbmetest.exe and it works. so this must be a failure in hyena/exporter pro


    regards,
    thilo

    [This message has been edited by thilo (edited 04-10-2006).]

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Re: Exporter Pro / Exporting all security logs

    I read the email you sent to support as well, and in it you mention that using this same process you can see the Application log. Is that correct?

    If so, how are you running Exporter Pro? Are you starting it from Hyena? If so, are you using Run As on Hyena with different credentials than you are logged in with?

    Leave a comment:


  • thilo
    started a topic Exporter Pro / Exporting all security logs

    Exporter Pro / Exporting all security logs

    Hi there,

    i`m using exporter pro to get all security event logs. but it isn't working yet

    i did the following settings in the wmi template configuration:

    - set output file
    - WMI 'WHERE' Clause: Logfile = "Security"
    - Query Properties (for testing) just User and Logfile.

    Ok, if i start the export it runs through but the file is 1kb with just the column names user and logfile in it.

    if i don't set any where clause it works fine and outputs me all logs (application, security, etc.), but i don't want to have the whole application logs etc. just the security events.

    in hyena all is working fine. but i need it in exporter pro.

    edit: now i have tried cmi studio to see if this is a bug in wmi or in exporter pro. in cmi studio all is working fine, but exporter pro still doesn't work

    any solutions?

    regards,
    thilo

    [This message has been edited by thilo (edited 04-07-2006).]

    [This message has been edited by thilo (edited 04-07-2006).]
Working...
X