This software package consists of 11 separate tools. Six of them can be downloaded as Shareware versions for testing purposes, but some options won't work in the Shareware versions. You can test every Shareware module for 4 weeks with one account. If you find at least one of the tools useful and are willing to use it after this period of time, then you need to pay a small registration fee and get the unrestricted versions of all tools. Pay once and get all modules! When you want to register, just request an offer according to your needs. The current price list is also available online.
Most of the tools offer abundant possibilities for the evaluation of one or two specific events. You can choose whether to create the report in text format or as data records, whether to create summaries per user or exhaustive reports per event, and so on. The evaluation programs won't work with the eventlog files currently used by Windows itself. You can only evaluate saved eventlog files. With the Freeware tool EventSave, you can easily save the logs into a file.
You can also choose whether the output should be created in OEM or in ANSI character set. As you probably know, OEM is the default character set in the command line window. The use of this option is recommended if the output of a tool will go onto the screen. ANSI is the usual character set for most GUI programs. The use of this option is recommended if you pipe the output of a program into a file, which will be processed or viewed by a GUI program later.
This software was developed with the greatest care. However, the author cannot guarantee that it runs flawlessly under every version of Windows on every computer. There is no warranty for the program, to the extent permitted by applicable law. The copyright holder provides the program "as is" without warranty of any kind.
If you have any questions regarding these tools, please have a look at the FAQ first; the answer might already be there.
Windows NT 4
Windows 2000
Windows XP professional
Windows 2003
Windows Vista as client - possible, but not recommended
Windows Vista as host - neither recommended nor supported
| Availability | Shareware, you may test it for four weeks. Some options don't work in this evaluation version, see help file. |
| Current Version | 5.4 |
| Last Change | 24. February 2006 |
| Size (zipped) | 52 KB |
| Description | EventList evaluates all or some of the logfiles. It gives a short summary about the kind and number of events in every file. |
You will find further details regarding the program in the accompanying text file.
| Availability | Shareware, you may test it for four weeks. Some options don't work in this evaluation version, see help file. |
| Current Version | 5.0 |
| Last Change | 14. March 2001 |
| Size (zipped) | 46 KB |
| Description | R20050 evaluates the RAS events 20050 and 20048 (connections to the RAS server) in the system log. It tells you how long every user was logged in via RAS (per job or as summary over all jobs). |
You will find further details regarding the program in the accompanying text file.
| Availability | Shareware, you may test it for four weeks. Some options don't work in this evaluation version, see help file. |
| Current Version | 6.0 |
| Last Change | 18. December 2006 |
| Size (zipped) | 52 KB |
| Description | R528 evaluates the events 528, 538, 540 and 551 of the Security log. It tells you how long every user session continued, how many times every user was logged in and more. |
You will find further details regarding the program in the accompanying text file.
| Availability | Shareware, you may test it for four weeks. Some options don't work in this evaluation version, see help file. |
| Current Version | 5.6 |
| Last Change | 24. February 2006 |
| Size (zipped) | 50 KB |
| Description | R529 evaluates the events 529 and 528 of the Security log. It tells you with which account name, on which machine and at what time somebody failed to log on. It tells you whether the attempt was made locally or via the network. It tells you how many attempts made up an attack and how long it went on. For 2 attempts to count as the same attack, they must originate from the same computer and the time difference between them must be less than 5 minutes. The program tells you whether the attack was successful or not. For an attack to be considered successful, there must be a successful logon (event 528) from the same machine within the time window of 5 minutes after the last failed attempt. |
You will find further details regarding the program in the accompanying text file.
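The grouping rule described for R529, as an added Python example (not code from Report Event for Windows or its author): failed logons (event 529) from the same machine less than 5 minutes apart form one attack, and an event 528 from that machine within 5 minutes after the last failure marks it successful. The record layout, the sample events and the function names are constructed for illustration, and the handling of an exact 5-minute gap is an assumption.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # time window stated in the R529 description

# Constructed sample records: (time, event ID, source machine, account). Not real log data.
SAMPLE = [
    ("2006-02-24 10:00:00", 529, "WS01", "admin"),
    ("2006-02-24 10:01:30", 529, "WS01", "administrator"),
    ("2006-02-24 10:03:00", 529, "WS02", "jdoe"),
    ("2006-02-24 10:04:00", 529, "WS01", "admin"),
    ("2006-02-24 10:06:00", 528, "WS01", "admin"),
    ("2006-02-24 10:20:00", 529, "WS01", "admin"),
    ("2006-02-24 10:40:00", 528, "WS02", "jdoe"),
]

def find_attacks(records, window=WINDOW):
    """Group failed logons (529) per source machine into attacks, then flag successes."""
    events = sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), eid, host, user)
                    for t, eid, host, user in records)
    attacks, latest = [], {}  # latest: host -> most recent attack seen from that host
    for ts, eid, host, user in events:
        if eid != 529:
            continue
        cur = latest.get(host)
        # Same attack only if same machine and less than 5 minutes since the last failure.
        if cur and ts - cur["end"] < window:
            cur["attempts"] += 1
            cur["end"] = ts
            cur["accounts"].add(user)
        else:
            cur = {"host": host, "start": ts, "end": ts, "attempts": 1, "accounts": {user}}
            attacks.append(cur)
            latest[host] = cur
    logons = [(ts, host) for ts, eid, host, _ in events if eid == 528]
    for a in attacks:
        # Successful: a 528 from the same machine within 5 minutes after the last failure
        # (treating exactly 5 minutes as inside the window is an assumption).
        a["success"] = any(h == a["host"] and timedelta(0) <= ts - a["end"] <= window
                           for ts, h in logons)
    return attacks

def summarize(attacks):
    """Return (machine, attempts, duration in seconds, successful) per attack."""
    return [(a["host"], a["attempts"], int((a["end"] - a["start"]).total_seconds()),
             a["success"]) for a in attacks]

if __name__ == "__main__":
    for row in summarize(find_attacks(SAMPLE)):
        print("machine=%s attempts=%d duration=%ds successful=%s" % row)
```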
| Availability | Shareware, you may test it for four weeks. Some options don't work in this evaluation version, see help file. |
| Current Version | 2.0 |
| Last Change | 7. June 2006 |
| Size (zipped) | 49 KB |
| Description | R560 evaluates the event 560 of the Security log of Windows XP and Windows 2003 machines. |
You will find further details regarding the program in the accompanying text file.
| Availability | Shareware, you may test it for four weeks. Some options don't work in this evaluation version, see help file. |
| Current Version | 5.0 |
| Last Change | 14. March 2001 |
| Size (zipped) | 49 KB |
| Description | R592 evaluates the events 592 and 593 of the Security log. It tells you which programs were used how often and how long by which users. You can get long lists (one line per event) or a summary, sorted by user (only available in the registered version) or by program name. |
You will find further details regarding the program in the accompanying text file.
| Availability | Shareware, you may test it for four weeks. Some options don't work in this evaluation version, see help file. |
| Current Version | 6.0 |
| Last Change | 7. June 2006 |
| Size (zipped) | 49 KB |
| Description | RP10 evaluates the print event 10 (print jobs) in the system log. It tells you how many pages every user printed (per job or as summary per printer). If the system log has no information about the number of pages printed, the number of bytes is reported. If you want to use this tool, first read carefully through the documentation, which gives you some hints about what you cannot expect from the print data written to the Eventlog! |
You will find further details regarding the program in the accompanying text file.
| Availability | Only available with the registered version of Report Event for Windows |
| Current Version | 6.2 |
| Last Change | 05. February 2007 |
| Description | Some people asked for a version of EventSave that does not save the events from all current logs. EventSave+ works the same way as EventSave does, but it allows you to choose the log(s) you want to save. There is no demo version of EventSave+ available (except the Freeware program EventSave); it is part of the registered version of Report Event for Windows only. |
You will find further details regarding the program in its documentation.
| Availability | Only available with the registered version of Report Event for Windows |
| Current Version | 6.0 |
| Last Change | 14. July 2003 |
| Description | Many people asked for a version of EventSave that only copies the events from the current logs to some files, without clearing the logs after that step. EventCopy works the same way as EventSave+ does, except for the following differences:
Make sure to use EventCopy with a different destination path than EventSave+ or EventSave use!
There is no demo version of EventCopy available (except the Freeware program EventSave); it is part of the registered version of Report Event for Windows only. |
You will find further details regarding the program in its documentation.
| Availability | Only available with the registered version of Report Event for Windows |
| Current Version | 6.0 |
| Last Change | 14. July 2003 |
| Description | ECA is the abbreviation for Event Copy & Append and is a version of EventSave that only backs up events to another file without clearing the logs after that step. The program remembers the time stamp of the last event copied for each log. When the program runs again, it only appends new events to the files in the backup directory. Besides these differences, ECA works the same way as EventSave+ does.
Make sure to use ECA with a different destination path than EventSave+ or EventSave use!
There is no demo version of ECA available (except the Freeware program EventSave); it is part of the registered version of Report Event for Windows only. |
Further details regarding the program can be found in the documentation.
| Availability | Only available with the registered version of Report Event for Windows |
| Current Version | 4.0 |
| Last Change | 14. July 2003 |
| Description | The purpose of this program is to merge some or all events from different Windows machines into one file. The events are sorted by time while they are copied.
Example:
This command scans the Security logs of the month May 2001 of all machines which are located in the directory C:\Events and copies all events with logon failures into the target file 2001_05_Breakin_Security.evt in the current directory. With the parameter /N, events which are already in the target file will be skipped. There is no demo version of MER available; it is part of the registered version of Report Event for Windows only. |
Further details regarding the program can be found in the documentation.
Copyright © 1998-2007 Frank Heyne