AVMan.log - AV Management plugin log (contains copies of all AV events)
GUProxy.log - GUP plugin log (if you have a GUP enabled)
LUMan.log - SEP Client LiveUpdate plugin log
processlog.log - Application and Device Control log
rawlog.log - Firewall Packet log
seclog.log - Security log (IPS events mainly)
syslog.log - System log
tralog.log - Firewall Traffic log
Using Microsoft's Log Parser and Log Parser Studio, I created a couple of queries to parse these logs. The best part is that you can run the queries against the logs on a remote system (you only need read access to the client's log directory), so the only thing left for you to do is export the results into your timeline. The library file for Log Parser Studio can be found here.
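If you cannot run Log Parser on the box (or want to fold the client logs into a non-Windows timeline), the following is an added example, not part of the original post or the author's Log Parser Studio library. It parses SEP client log lines into sorted, timeline-ready CSV rows. It assumes the tab-separated layout of the firewall/IPS-style client logs, whose first field is a 12-hex-digit timestamp (YYMMDDHHMMSS: years since 1970, zero-based month, day, hour, minute, second); the column meanings after the timestamp vary per log, so the rest of each record is carried through verbatim. The sample lines are constructed for the example and do not come from a real SEP installation; malformed lines are kept in the output with an error note rather than silently dropped, so evidence is never lost on the way into the timeline.

```python
"""Convert Symantec Endpoint Protection client log lines into timeline rows.

Added example (not the blog post's own code). Assumptions:
  * records are tab-separated,
  * field 1 is the SEP hex timestamp YYMMDDHHMMSS
    (YY = years since 1970, MM = zero-based month, DD, HH, MM, SS),
  * everything after field 1 is log-specific and is passed through as-is.
"""
import csv
import io
from datetime import datetime

# Constructed sample records keyed by client log file name (NOT real SEP output).
SAMPLE_LOGS = {
    "seclog.log": [
        "2D0A1C0B2A33\t1\tCritical\tAttack: Example Signature\t10.0.0.5\t192.0.2.10",
        "2D0A1C0C0005\t2\tMajor\tPort scan detected\t198.51.100.7\t10.0.0.5",
    ],
    "tralog.log": [
        "2D0A1B170000\tBlocked\tTCP\t10.0.0.5\t203.0.113.9\t445",
        "corrupt\tline without a usable timestamp",
    ],
}

FIELDS = ["timestamp", "source", "line", "message", "error"]


def decode_sep_timestamp(hex_ts: str) -> datetime:
    """Decode the 12-hex-digit SEP timestamp into a naive datetime.

    Raises ValueError on anything that is not six hex byte pairs, so the
    caller can flag the record instead of guessing a time for it.
    """
    if len(hex_ts) != 12:
        raise ValueError(f"bad SEP timestamp: {hex_ts!r}")
    yy, mm, dd, hh, mi, ss = (int(hex_ts[i:i + 2], 16) for i in range(0, 12, 2))
    return datetime(1970 + yy, mm + 1, dd, hh, mi, ss)


def parse_sep_log(source: str, lines) -> list:
    """Parse one log's records into dicts; unparseable lines are kept with an error."""
    rows = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line:
            continue
        fields = line.split("\t")
        try:
            ts = decode_sep_timestamp(fields[0]).isoformat(sep=" ")
            message, error = " | ".join(fields[1:]), ""
        except ValueError as exc:
            ts, message, error = "", line, str(exc)
        rows.append({"timestamp": ts, "source": source, "line": lineno,
                     "message": message, "error": error})
    return rows


def build_timeline(logs: dict) -> list:
    """Merge all logs into one list ordered by time; undated rows sort last."""
    rows = []
    for source, lines in logs.items():
        rows.extend(parse_sep_log(source, lines))
    rows.sort(key=lambda r: (r["timestamp"] == "", r["timestamp"], r["source"]))
    return rows


def timeline_csv(rows: list) -> str:
    """Render timeline rows as CSV text ready to import into a timeline tool."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(timeline_csv(build_timeline(SAMPLE_LOGS)), end="")
```

To run it against a live collection, replace `SAMPLE_LOGS` with the contents of each file read from a forensic copy of the client's Logs directory (open the files read-only and record their hashes first), and check the decoded times against the host's local time zone before merging with sources that log in UTC.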
Enjoy!