Reviewing event logs is one of the most important of the tasks and one of the most ignored. NT Objectives' NTLast is a utility needed in any Windows NT administrators tool box. NTLast is a command-line tool that searches local and remote NT security event logs to display entries in an easy-to-read onscreen report. NTLast can open and review archived event logs and pipe output to a text file. For IIS admins, NTLast can distinguish between local console logons and remote network logons and can filter and display Microsoft Internet Information Server (IIS) logons.

NTLast supports a wide variety of command-line switches, for example, -f tells NTLast to display all failed logon attempts in the security event logs. Check it out : NTLast

Frank Heyne has made available a Windows NT Eventlog FAQ .

Excellent!!!! Scary. Hack Win9x, NT, Netware, Unix, Web, ...