» NTLast v3.0 

Security audit tool for Windows NT.
Copyright 2000 (c) by Foundstone, Inc.
http://www.foundstone.com

NTLast is specifically targeted for serious security and IIS administration. Scheduled review of your NT event logs is critical for your network. A server breach can be uncovered by regular system auditing. Identifying and tracking who has gained access to your system, then documenting the details is now made easier with NTLast. This tool is able to quickly report on the status of IIS users, as well as filter out web server logons from console logons.

Key Features

• Reads saved .evt files - makes it easy to search through your archives
• Allows you to search before, after, and between dates - again to zoom in on something
• Filters logons 'From' a certain host - helps you zoom in on suspected intrusions
• Can save files in a csv format w/ time field formatted for Excel
• Filters out and distinguishes web log usage - cuts down search time

Reviews

Windows NT Magazine September 1999 issue product peview of the previous version, NTLast v2.6

SecuriTeam , NTLast and VisualLast (VisualLast is the GUI version of NTLast)

Some Screen Shots

Shot of failed logons by user

Shot of the last ten logon failures by username in condensed mode - SOMEONE GUESSING A PASSWORD

Shot of IIS Activity

System Requirements

Windows NT 4.0 SP3
IIS 4.0 if using the IIS filter switch
16MB Memory
Administrator privileges
Audit log enabled with searchable records
Set NT command line buffer to 500 or more lines. 1200 lines works well