
In order to implement the wrapper concept, I needed the UNIX tools on which
logcheck.sh depends, including an actual UNIX shell and various other text
utilities.  I could have used the Cygwin tools, which are an awesome port of
UNIX functionality to Windows, but they are also rather large and complex and
require a lot of installation to run really well.

So instead, I used K. M. Syring's free ports of common GNU utilities to
native Win32 (http://www.weihenstephan.de/~syring/win32/UnxUtils.html):
    cat         conCatenate
    date        Show/set the date
    egrep       Get Regular Expressions
    rm          Remove
    sed         Stream EDitor
    sh          The Bourne shell (kind of, actually zsh)

    (Other really useful tools in that collection that are NOT included here
    are cut, uniq, sort (much better than DOS'), and wc.)

I also used:
    DumpEvt     Dump Event Logs
                http://www.somarsoft.com/somarsoft_main.htm#DumpEvt

    blat        Send e-mail from the command line in Windows
                http://www.interlog.com/~tcharron/blat.html

    auditpol    Displays or modifies auditing (logging) policies
                http://www.microsoft.com/windows2000/zipdocs/security.exe
                (From: Securing IIS 5.0 Using Batch-Oriented Command Files)
                (http://www.microsoft.com/TechNet/prodtechnol/iis/deploy/confeat/seciis50.asp)


Finally, the native NT/2000 hostname.exe and cacls.exe are in there too.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A note about Dumpevt. The message below is from Somarsoft/SystemTools Tech
Support. I reported the fact that Dumpevt will incorrectly dump the
Application log if the Event Log you *tried* to dump does not exist:


Date: Thu, 30 Aug 2001 10:31:09 -0500
From: XXXXXXXXXXX <XXXXX@systemtools.com>
To: jp@jpsdomain.org
Subject: RE: Bug in DumpEvt?

JP,

I've had our developer look at this and unfortunately there is no easy way
to change this behavior.

The documentation for the OpenEventLog function states:

"...specifies the name of the logfile that the returned handle will
reference. This can be the Application, Security, or System logfile, or a
custom registered logfile. If a custom registered logfile name cannot be
found, the event logging service opens the Application logfile."

Essentially, the API that reads the event log will return the application
log if the event log being asked for does not exist. Once it returns the
handle, there isn't any way that DumpEvt can tell which log is being read.

This appears to be a limitation in the way NT handles event logs and we
don't have a way at this time to work around it.
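
Because OpenEventLog silently falls back to the Application log, a wrapper
that mistypes a log name (or asks for a custom log that was never registered
on that host) would report Application entries under the wrong name.  The
check below is an added example, not part of the original wrapper or of
DumpEvt: it refuses to call DumpEvt unless the requested log is actually
registered.  Registered logs are subkeys of
HKLM\SYSTEM\CurrentControlSet\Services\EventLog; on a real NT/2000 host that
list would come from "reg query" on that key, but here the reg.exe output is
a constructed sample so the script runs offline, and the one-key-path-per-line
output format is an assumption.  The dumpevt invocation is stood in for by an
echo, since this page does not show DumpEvt's command-line options.  Only the
tools listed above (sh, sed, egrep) are used.

```shell
#!/bin/sh
# Added example: guard a DumpEvt call so that a non-existent log name is
# refused instead of silently dumping the Application log.
#
# CONSTRUCTED sample of what "reg query HKLM\SYSTEM\CurrentControlSet\Services\EventLog"
# lists (assumed format: one full subkey path per line).  On a live host
# replace this variable with the real reg.exe output.
SAMPLE_REG_OUTPUT='
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
'

# Print one registered log name per line: the last path component of each
# HKEY_LOCAL_MACHINE\...\EventLog\<name> key.
registered_logs() {
    printf '%s\n' "$SAMPLE_REG_OUTPUT" \
        | sed -n 's/^HKEY_LOCAL_MACHINE\\.*\\\([^\\]*\)$/\1/p'
}

# Return 0 if the log named in $1 is registered, 1 otherwise.
# Matching is case-insensitive, like the registry and OpenEventLog.
# Names are restricted to letters, digits, '_' and '-' so that the name can
# be used safely as an egrep pattern (an assumption of this example; the
# standard logs all satisfy it).
log_exists() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    registered_logs | egrep -qi "^${1}\$"
}

# Wrapper: hand the log name to DumpEvt only after the check passes.
# The echo stands in for the real dumpevt command line.
safe_dump() {
    if log_exists "$1"; then
        echo "dumpevt would run for log: $1"
        return 0
    else
        echo "refusing: event log '$1' is not registered on this host" >&2
        return 1
    fi
}
```

With the sample above, safe_dump Security proceeds while safe_dump Securty
(a typo) or safe_dump for an unregistered custom log is rejected with a
message on stderr, so the wrapper never mails out Application entries under a
log name that does not exist.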


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last Updated: Mon Jan 21 19:34:33 EST 2002
-- JP Vossen <jp@jpsdomain.org>
