NTLast is specifically targeted for serious security and IIS administration. Scheduled review of your NT event logs is critical for your network. A server breach can be uncovered by regular system auditing. Identifying and tracking who has gained access to your system, then documenting the details is now made easier with NTLast. This tool is able to quickly report on the status of IIS users, as well as filter out web server logons from console logons.

Key Features

• Reads saved .evt files – makes it easy to search through your archives
• Allows you to search before, after, and between dates – again to zoom in on something
• Filters logons ‘From’ a certain host – helps you zoom in on suspected intrusions
• Can save files in a csv format w/ time field formatted for Excel
• Filters out and distinguishes web log usage – cuts down search time

Website: http://www.foundstone.com/us/resources/proddesc/ntlast.htm