Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Tag: LogParser

Merge multiple files into one new file in Windows

A quicky: if you need to merge multiple text files into one new file in Windows, you can use the copy command in cmd.exe, and here is how:

Continue reading

Intrusion Detection with Windows Event ID’s

Found via This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you to read it, it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance your detection in your core network this is the document!

Continue reading

Grep for forensic log parsing and analysis on Windows Server IIS

How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. In this article I’ll give some real live examples of using these ported GnuWin tools like grep.exe for logfile analysis on Windows servers. The article provides three example, as an alternative to LogParser, because finding spam scripts fast is often very important.

Continue reading

“Forensic Log Parsing with Microsoft’s LogParser”

Just stumbled upon: Forensic Log Parsing with Microsoft’s LogParser.
Continue reading