Saving event log data

In order to analyze event logs, you must make them available to CyberSafe Log Analyst. This is a two-step process: first you save the "raw" event log, then you add the saved event log to the Logs to be Analyzed node in CLA.

The following two procedures describe how to save the "raw" event log data on the computer running CLA and on other computers. You can use any other method of saving the event log as long as it produces a file in the native event log (.evt) format. If you need to collect event logs from multiple computers, we recommend that you use a batch operation rather than repeating the manual procedure on each computer.

To save the local event log

This procedure automates the process of saving the event log from the computer where CLA is installed.

In the CyberSafe Log Analyst scope pane, right-click the Logs to be Analyzed node and choose Cut Live Local Event Log from the shortcut menu. The event log is saved in the Pending subdirectory of CLA (for example, c:\program files\cla\pending). It is also added to the Logs to be Analyzed node, so you can immediately analyze the event log.

To save the event log from other computers

This procedure saves the current "raw" event logs from other computers. These instructions detail a very simple, manual method of saving the event log so you can later analyze it.

  1. On the computer containing the event log you want to analyze, open the Windows 2000 Event Viewer (by choosing Start > Administrative Tools (Common) > Event Viewer).

  2. Choose Log > Security to display the Security log. Reading the Security log requires the Manage auditing and security log user right, which members of the local Administrators group hold by default; other accounts see an access-denied error at this step.

  3. Choose Log > Save As to save the event log in its native event log format (not as text or comma-delimited output). The file name must include the .evt file extension, and the file must end up in the Pending subdirectory of CLA on the computer running CLA (for example, c:\program files\cla\pending). If you are saving from the console of the other computer, save the file locally and then copy it into the Pending subdirectory.
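The batch operation recommended above, as an added example that is not part of the CLA documentation or product: it backs up the Security log of each listed computer through the WMI Win32_NTEventlogFile class (which writes a native .evt file, the format CLA expects), copies the file over the administrative share into CLA's Pending directory, and names it after the source host so logs from different computers do not overwrite each other. It is written for Windows PowerShell 5.1 (Get-WmiObject). The host list, the Pending path, the remote C:\Temp staging directory and the account rights it relies on are all assumptions, not details from the original page.

```powershell
# Added example (not from the CLA documentation): batch-save the Security log from several
# computers into CLA's Pending directory as native .evt files.
# Assumptions, none of which the original page states:
#   - CLA's Pending directory is C:\Program Files\CLA\Pending on the computer running this script
#   - each remote computer exposes its administrative share (C$), accepts WMI connections,
#     and has a C:\Temp directory to stage the backup in
#   - the account running the script holds the "Manage auditing and security log" and
#     "Back up files and directories" rights on every remote computer
$Computers  = @('SRV01', 'SRV02', 'WKS-ACCT07')     # constructed host list; replace with your own
$PendingDir = 'C:\Program Files\CLA\Pending'
$Stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($c in $Computers) {
    # BackupEventlog writes the file on the REMOTE host, so this path is relative to that host.
    # A timestamped name avoids return code 80 (file already exists).
    $remotePath = "C:\Temp\Security-$Stamp.evt"

    # -EnableAllPrivileges is required: backing up the Security log needs the backup privilege
    # enabled in the WMI connection, not merely assigned to the account.
    $log = Get-WmiObject -Class Win32_NTEventlogFile -ComputerName $c `
               -EnableAllPrivileges -Filter "LogFileName='Security'"
    if (-not $log) {
        Write-Warning "${c}: Security log not found or WMI not reachable"
        continue
    }

    # Native backup of the log: keeps the binary record format that CLA reads from a .evt file.
    $result = $log.BackupEventlog($remotePath)
    if ($result.ReturnValue -ne 0) {
        # Common codes: 8 = missing privilege, 21 = invalid path, 80 = file already exists
        Write-Warning "${c}: BackupEventlog failed with return code $($result.ReturnValue)"
        continue
    }

    # Pull the file back over the admin share (C:\Temp\x.evt -> \\host\C$\Temp\x.evt) into the
    # Pending directory, prefixing the file name with the source host to avoid collisions.
    $uncPath = "\\$c\" + $remotePath.Substring(0, 1) + '$' + $remotePath.Substring(2)
    $dest    = Join-Path $PendingDir "$c-Security-$Stamp.evt"
    Copy-Item -Path $uncPath -Destination $dest -ErrorAction Stop
    Remove-Item -Path $uncPath
    Write-Host "$c -> $dest"
}
```

Run the script from the computer where CLA is installed under an account that is an administrator on every target; each saved file then appears under the Logs to be Analyzed node as soon as you add it. Because the files carry the host name and a timestamp, the same script can be scheduled daily without overwriting earlier captures.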

Related Topic

Adding event logs