NTLast v3.0

Security audit tool for Windows NT.

NTLast is aimed specifically at serious security and IIS administration. Scheduled review of your NT event logs is critical for your network: regular system auditing can uncover a server breach. NTLast makes it easier to identify and track who has gained access to your system and then document the details. The tool can quickly report on the status of IIS users and can filter out web server logons from console logons.

Key Features

  • Reads saved .evt files - makes it easy to search through your archives
  • Allows you to search before, after, and between dates - to zoom in on a particular period
  • Filters logons 'From' a certain host - helps you zoom in on suspected intrusions
  • Can save files in CSV format with the time field formatted for Excel
  • Filters out and distinguishes web log usage - cuts down search time

Some Screen Shots
Shot of failed logons by user

Shot of the last ten logon failures by username in condensed mode - SOMEONE GUESSING A PASSWORD

Shot of IIS Activity

System Requirements

  • Windows NT 4.0 SP3
  • IIS 4.0 if using the IIS filter switch
  • 16MB Memory
  • Administrator privileges
  • Audit log enabled with searchable records
  • NT command-line buffer set to 500 or more lines (1200 lines works well)