Hack Proofing Windows 2000 Server

Even if you have complete confidence in the security of your network, you still need to keep logs of what is going on just to be safe. The most common way to view Windows 2000 logging is with the Event Viewer ( Start Programs Administrative Tools Event Viewer or Start Run and then typing Eventvwr). The Windows 2000 Server Resource Kit provides you with many tools to do detailed logging. You can do logging on local computers and remote computers right from the command prompt. Remember, logging works only when you take the time to view your logs.
The Event Log Query tool ( ElogDmp) dumps information from the event log. ElogDmp runs from the command prompt. You can view the application, system, and security log using ElogDmp. You can view the logs remotely or locally. You must have the correct permissions to view the logs. Anyone can view the application log. You must have administrative rights on the local machine to view the system and security logs. Elogdmp.exe is the only file required to run the Event Log Query tool. ElogDmp uses the following syntax:
elogdmp [-?] <i class="emphasis">computername eventlogtype</i>
Table 12.12 explains the syntax for ElogDmp.
| Variable | Description |
|---|---|
| Computername | The name of the computer being queried. |
| Eventlogtype | Which event log to display. The choices are Application, Security, or System. |
| -? | Displays help. |