A: Start - Programs - Administrative Tools - Computer Management - System Tools - Event Viewer, and then clear the log.
II: Windows 2000 log files usually include the application log, security log, system log, DNS server log, FTP log, WWW log and so on.
Default situation for the log files: the application log, security log, system log and DNS log are stored by default in %systemroot%\system32\config, with a default file size of 512 KB; administrators will change the default size.
security log file: %systemroot%\system32\config\SecEvent.EVT
system log file: %systemroot%\system32\config\SysEvent.EVT
application log file: %systemroot%\system32\config\AppEvent.EVT
Internet Information Services FTP log default location: %systemroot%\system32\logfiles\msftpsvc1\, by default one log per day
Internet Information Services WWW log default location: %systemroot%\system32\logfiles\w3svc1\, by default one log per day
Scheduler service log default location: %systemroot%\schedlgu.txt
Registry keys for the logs above:
The application log, security log, system log and DNS server log have their LOG files registered under:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Eventlog
Some administrators are likely to relocate these logs. There are a number of subkeys under EVENTLOG, from which the location of the log directory can be found.
Scheduler service log in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent
FTP and WWW logs in detail:
By default, the FTP and WWW services each produce one log file per day, containing all of that day's records. The file name is usually ex(year)(month)(day); for example, ex001023 is the log for 23 October 2000. You can open it directly with Notepad, as in the following example:
# Software: Microsoft Internet Information Services 5.0 (Microsoft IIS 5.0)
# Version: 1.0 (version 1.0)
# Date: 2000-10-23 0315 (service start date and time)
# Fields: time c-ip cs-method cs-uri-stem sc-status
0315 127.0.0.1 [1] USER administator 331 (a user at IP address 127.0.0.1 tries to log on as administator)
0318 127.0.0.1 [1] PASS 530 (Logon Failure)
032:04 127.0.0.1 [1] USER nt 331 (a user at IP address 127.0.0.1 tries to log on as nt)
032:06 127.0.0.1 [1] PASS 530 (Logon Failure)
032:09 127.0.0.1 [1] USER cyz 331 (a user at IP address 127.0.0.1 tries to log on as cyz)
0322 127.0.0.1 [1] PASS 530 (Logon Failure)
0322 127.0.0.1 [1] USER administrator 331 (a user at IP address 127.0.0.1 tries to log on as administrator)
0324 127.0.0.1 [1] PASS 230 (successful logon)
0321 127.0.0.1 [1] MKD nt 550 (creating a new directory failed)
0325 127.0.0.1 [1] QUIT 550 (exit FTP program)
From the log you can see that the user at IP address 127.0.0.1 tried to log in four times with a user name and password before succeeding as administrator. The administrator can immediately see the time of the intrusion, the IP address and the user names tried. As the log above shows, the intruder ended up entering the administrator user name, so the administrator should consider changing that account's password or renaming the administrator account.
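The reading of the FTP log described above can be automated. The following Python sketch is an added example, not part of the original article: it groups USER/PASS lines by client IP and session number, then reports sessions with repeated 530 failures and whether a 230 success followed. The sample log is constructed in the layout of the listing above, with invented times and an invented second client (192.0.2.7); the function name and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the listing above (fields: time c-ip
# cs-method cs-uri-stem sc-status); times and the 192.0.2.7 client are invented.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: time c-ip cs-method cs-uri-stem sc-status
03:11:55 127.0.0.1 [1]USER administator 331
03:11:58 127.0.0.1 [1]PASS - 530
03:12:04 127.0.0.1 [1]USER nt 331
03:12:06 127.0.0.1 [1]PASS - 530
03:12:09 127.0.0.1 [1]USER cyz 331
03:12:12 127.0.0.1 [1]PASS - 530
03:12:22 127.0.0.1 [1]USER administrator 331
03:12:24 127.0.0.1 [1]PASS - 230
03:14:02 192.0.2.7 [2]USER backup 331
03:14:05 192.0.2.7 [2]PASS - 230
"""

# time, client IP, [session], verb, optional argument, three-digit status
LINE = re.compile(r"^(\S+)\s+(\S+)\s+\[(\d+)\]\s*(\w+)(?:\s+(\S+))?\s+(\d{3})$")

def analyse_ftp_log(text, threshold=3):
    """Return one finding per session with at least `threshold` failed logons."""
    sessions = defaultdict(lambda: {"user": None, "failed": [], "success": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # skips '#' directives and malformed lines
            continue
        time, ip, sid, verb, arg, status = m.groups()
        s = sessions[(ip, sid)]
        if verb == "USER":
            s["user"] = arg            # name offered before the next PASS
        elif verb == "PASS" and status == "530":
            s["failed"].append(s["user"])
        elif verb == "PASS" and status == "230" and s["success"] is None:
            s["success"] = (s["user"], time)
    findings = []
    for (ip, sid), s in sessions.items():
        if len(s["failed"]) >= threshold:
            findings.append({"ip": ip, "session": sid,
                             "failed_users": s["failed"],
                             "compromised": s["success"]})
    return findings
```

A finding whose `compromised` field is not `None` is the case the article describes: several failed guesses from one address followed by a successful logon, which calls for a password change on the named account.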
WWW log:
Like the FTP service, the WWW service keeps its logs in the %systemroot%\system32\LogFiles\W3SVC1 directory, by default one log file per day. Here is a typical WWW log file:
# Software: Microsoft Internet Information Services 5.0
# Version: 1.0
# Date: 2000-10-23 03:091
# Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2000-10-23 03:091 192.168.1.26 192.168.1.37 80 GET /iisstart.asp 200 Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98;+DigExt)
2000-10-23 03:094 192.168.1.26 192.168.1.37 80 GET /pagerror.gif 200 Mozilla/4.0+(compatible;+MSIE+5.0;+Windows+98;+DigExt)
From the sixth line of the log you can see that on October 23, 2000, a user at IP address 192.168.1.26 accessed port 80 of the machine at 192.168.1.37 and viewed the page iisstart.asp; the user's browser is compatible;+MSIE+5.0;+Windows+98;+DigExt. An experienced administrator can use the security log, FTP log and WWW logs to determine the intruder's IP address and the time of the intrusion. Even if you delete the FTP and WWW logs, records still remain in the system log and security log, though fortunately these show only your machine name and not your IP. For example, for the probing detected above, the system log will have the following records:
At a glance you can see that on October 23, 2000, at 16:17, the system raised warnings because of certain events. Double-click the first one to open its properties:
The properties show that the warning was raised because someone tried to log on with the user name administator and got an error; the source is the FTP service. The security log will also record this in the same period: (Ekin: The instance in this picture is not a security log)
In the picture above you can see 2 icons: the key (for success) and the lock (for when the system stopped something the user was doing). The series of four lock icons indicates four failed audits; the event type is logon and logoff failure, the date is October 18, 2000, and the time was 1002. These need to be examined closely. Double-click one of the failed audit records to see the detailed description of the event, as shown in Figure 12:
From the analysis above, we can see that a workstation named CYZ tried to log on to the machine with the user name administator, but failed with an unknown user name or bad password error (the actual error was the password). There is also the DNS server log, which is not very important and is skipped here (in truth I have not seen it).
Now that the details of the Windows 2000 logs are known, the following looks at how to delete these logs:
From the above, the log files are normally protected by a service running in the background. The system log, security log, application log and so on are guarded by a service that is one of the key processes of Windows 2000 and is also recorded in the registry; when Windows 2000 starts, the service starts and protects these files, so they are hard to remove, whereas the WWW logs, FTP logs and SchedLgU log can be deleted easily.
First obtain the Administrator password or membership of the Administrators group, then Telnet to the remote host. The first attempt is to remove the FTP log:
D:\SERVER>del schedlgu.txt
D:\SERVER\SchedLgU.Txt
The process cannot access the file because another program is using this file.
This means a service is protecting it in the background, so stop the service first!
D:\SERVER>net stop
Stopping the Task Scheduler service will also stop these services.
Remote Storage Engine
Do you want to continue this operation? (Y/N) [N]: y
The Remote Storage Engine service is stopping ....
The Remote Storage Engine service was stopped successfully.
The Task Scheduler service is stopping.
The Task Scheduler service was stopped successfully.
OK, it stopped the service, and also stopped a service that depends on it. Try to delete it again!
D:\SERVER>del schedlgu.txt
D:\SERVER>
No feedback? Success! Next are the FTP log and WWW logs; the principle is the same: first stop the related services, then delete the log!
D:\SERVER\system32\LogFiles\MSFTPSVC1>del ex*.log
D:\SERVER\system32\LogFiles\MSFTPSVC1>
The operation above successfully removed the FTP log! Now the WWW log!
D:\SERVER\system32\LogFiles\W3SVC1>del ex*.log
D:\SERVER\system32\LogFiles\W3SVC1>
OK! Congratulations, the simple logs have now been successfully removed. What remains is the trouble of the security and system logs; the service guarding these logs is Event Log, so try turning it off!
D:\SERVER\system32\LogFiles\W3SVC1>net stop eventlog
This service cannot accept the request
KAO, I give up, no way, it is a fussy service. Without third-party tools, it is not possible to delete the security log and system log from the command line! So start with a simple but very slow method: open the item shown in the following picture:
Select the remote computer's security log, right-click it and choose Properties:
In Properties, click to clear the log and the security log is done! Use the same method to clear the system log!
At present, without the help of third-party tools, there is a fast and very smooth way to remove the FTP, WWW and SchedLgU logs, but the system log and security log are firmly guarded by Windows 2000 and can only be opened with the local Event Viewer. Because that is a graphical interface and the connection is slow, it takes a while, but if you have the money and plenty of spare time you can still remove them. In summary, this has introduced the Windows 2000 log files and the ways to delete them. You must be an Administrator: you must be logged on as an administrator or a member of the Administrators group to open the security log. This procedure applies to Windows 2000 Professional computers, and also to computers running Windows 2000 Server as a standalone server or member server.
At this point, this lecture on Windows 2000 logs from a security perspective is finished. Although the FTP and similar logs can be removed quickly, the system log and security log cannot be removed so quickly; they can still be removed successfully, but if a clever administrator has moved the log files to another location it is even harder. So a warning to everyone: do not test this on hosts in your own country, the law is very strict! We must remember this! (Do not say I'm corny)