============================================

   ESMPRO/ServerAgentService֘AꊇW@\

============================================

１. 概要
   {@\́AESMPRO/ServerAgentServiceɊ֘AX̏ꊇŴłB
   q܂̃VXeŖESMPRO/ServerAgentService̕sꍇ
   ESMPRO/ServerAgentService֘AeՂɎW\ɂ邱ƂړIƂĂ܂B

   ȂA{@\́wuW[eBeBxƘAgĂ܂B
   wuW[eBeBxgp邱ƂłA{@\
   Ăяos܂B



２. 使用方法

   1) Administrators[U[ŃOIĂB

   2) {@\_E[hĂp̏ꍇ́Acollectsas.zip𓀂
      B
      WJꂽׂẴt@CA%EsmDir%\TooltH_(FC:\ESM\
      Tool)ɃRs[ĂB
      ̃tH_Ɋi[Ă@\̓ɖ͂܂񂪁A
        tH_͐΃pX260BytesƂȂ悤ɂĂB

   3) GNXv[gpāA%EsmDir%\TooltH_(FC:\ESM\Tool)
      ɂcollect.exe_uNbNĎsĂB

   4) %EsmDir%\TooltH_ɍ쐬ꂽlogtH_̎悵ĂB
      logtH_т̔zESMPRO/ServerAgentService֘Ãt@C
      Qi[܂B

      ̊i[tH_́A%EsmDir%\logtH_(FC:\ESM\log)ł
        ܂̂ŁAԈႦȂ悤ӂĂB



３. 注意事項
  3.1 {@\̎悷ESMPRO/ServerAgentService֘A͏㏑܂B
      OqlogtH_т̔zɍ쐬ꂽt@C폜
      {@\𕡐sƁAŌɎs̊֘At@C
      i[܂B


  3.2 {@\̎sō쐬(܂́A쐬)Tool\logtH_
      ̔z̊֘̕At@ĆAESMPRO/ServerAgentService
      ACXg[ɂ͍폜܂B
      ֘At@C͕̎K폜ĂB

   ydvz%EsmDir%\logtH_(FC:\ESM\log)́AESMPRO/ServerAgentService
           ɕKvł̂ŁA폜邢̓l[ȂłB


  3.3 Ot@C̍̎ɂ
      ̎ΏۃOt@C̃t@Ć̕At@C܂߂
      ΃pX260BytesłȂ΂Ȃ܂B
      ΃pXł̃t@C260Bytesȏ̃t@C͍̎ł܂B

      ܂A̎Ώۂ̃t@CWXg擾ꍇA
      擾ƂĎwł郌WXg̃L[ 255BytesłB
      L[255Byteȏ̃WXg̓t@C̏擾
      Ƃ͂ł܂B


  3.4 WXg̍̎ɂ
      ̎Ώۂ̃WXg̃L[́A255BytesłȂ΂Ȃ܂B
      L[255Bytesȏ̃WXg̏̎悷邱Ƃ͂ł܂B


  3.5 {@\͏̎Ώۑũ[JfBXNŎsĂB
      lbg[NڑꂽhCuł̓̓T|[gĂ܂B


  3.6 {@\OSZ[t[hŋNĂԂł̓̓T|[g
      Ă܂B

  3.7 eW20ȓɊłȂꍇAWI܂B
      ̏ꍇ́AErrorinf.logɈȉ̃bZ[Wo͂܂B
      .
      ##Time-out occurred. It ends. : eventlog.exe /tsec log\Security.TXT 20:16:31:384

      ## Warn : Some commands have not been completed within 1200000 milliseconds.
      ## Those commands were aborted.
      ## Or some commands are also active at present.

４. 付録  - ESMPRO/ServerAgentService関連情報 -
   {@\ł́Aȉ̏Q͏WĂ܂B
  (uEɂāA̎ł񂪈قȂ܂B)

           W(ۑt@C)
     ----------------------------------------------------------------
     yWXgz
     yCxgOz
       yVXez        ( msdrpt.txt )
     yOt@Cz
       ỹ|[gƉ̏z
                               ( WER\ReportArchive\tmpdirname\Report.wer,
                                 WER\ReportQueue\tmpdirname\Report.wer,
                                 WER\ReportArchive\tmpdirname\*.txt,
                                 WER\ReportQueue\tmpdirname\*.txt )
     y[Nt@Cz
     yt@Cf[^z      ( filedata.csv )
     ylbg[Nz    ( network.txt )
     yWMIz             ( SASWmiinfo.txt )
       ySMBIOSz          ( smbios.csv )
       yWindows OS CZXF؏z
                               ( SYSUP\slmgrdlv.log )
       yWinRM̐ݒz     ( Winrmcgf.txt )
     yXVvOKpz
                               ( qfe_list.txt )
     yO[v|V[Kpz
                               ( gpresult.html )
     y{[}Egz
                               ( mountvol.txt )
     yhCRg[퐫z
                               ( dcdiag.txt )
     yhCRg[z
                               ( repadmin.txt )
     yz        ( w32tm.txt )
     y{[/RDRꗗz
                               ( fltmc.txt )
     y{[jԏz
                               ( fsutil.txt )
     yWindows Update z
                               ( getwindowsupdatelog.log,
                                 getwindowsupdatelog.txt )
     yčȌo͐ݒz  ( auditpol.txt )
     yDNS ][̏z    ( dnscmd.txt )
     ykerberos `Pbg̏z
                               ( klist.txt )
     yTCg̏z    
     yZLA`lmDC̏z
                               ( nltest.txt )
     ySYSVOL tH_z̏z
                               ( sysvol.txt )
     ytB^[hCo[Aу{[̃CX^Xz
                               ( Fltmc_Instances.txt )
     ydv̐ݒz    ( powercfg.txt )
     yVhERs[֘A̐ݒz
                               ( vssadmin_list.txt )
     yNAST[o[\z
                               ( NAS_PERFtH_ )
     ----------------------------------------------------------------


   WΏۂ(LꗗɁ)̏ڍׂɂẮA
   ȉɋLqĂ܂B
   (uEɂāA̎ł񂪈قȂ܂)

  4.1 WXg
     WXg͈ȉ̏WĂ܂B

           WXgL[(ۑt@C)
     ------------------------------------------------------
      SOFTWARE\NEC\ESMAgent (EsmAgent)
      HARDWARE (Hardware)
      HARDWARE\DEVICEMAP\Scsi (Scsi.txt)
      SYSTEM\CurrentControlSet\Services (Service)
      SYSTEM\CurrentControlSet\Services\mssmbios\Data(SMBiosData)
      SOFTWARE\NEC\ESRAS (Esras)
      SOFTWARE\NEC\ESMAlertMan\ALIVE (Alive)
      SOFTWARE\NEC\ESMAlertMan\BaseSetting (Baseset)
      SOFTWARE\NEC\ESMAlertMan\DependentService (Dpndserv)
      SOFTWARE\NEC\ESMAlertMan\Destination (Dstntion)
      SOFTWARE\NEC\ESMAlertMan\MainService (Mainserv)
      SOFTWARE\NEC\ESMAlertMan\Socket (Socket)
      SOFTWARE\NEC\ESMAlertMan (Alertman.txt)
      SOFTWARE\NEC\ESMAlertMan\ReportTable (AMLog\ReportTable)
      SOFTWARE\NEC\ESMAlertMan\Install (AMLog\Install)
      SOFTWARE\NEC\ESMAlertMan\ExpressReport(HTTPS) (AMLog\ExpHTTPS)
      SOFTWARE\NEC\EXPService (ExpServ)
      SOFTWARE\NEC\EXPC (EXPC)
      SOFTWARE\NEC\EXPCSetup (EXPstup)
      SOFTWARE\NEC\HW (NECHW)
      SOFTWARE\NEC\Vita (NECVita)
      SOFTWARE\NEC\HAS (HasVms)
      SYSTEM\CurrentControlSet\Control (Control)
      SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix (MSHotFix)
      SOFTWARE\Microsoft\Updates (MSUpdates)
      SOFTWARE\NEC\ESMAlertMan\ReportTable\EventLog\WatchLogData (WatchLog)
      SOFTWARE\NEC\ESMAlertMan\AMMNEV (AMMNEV)
      SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib (Perflib.txt)
      SOFTWARE\Microsoft\Windows NT\CurrentVersion (CurrentVer.txt)
      SYSTEM\CurrentControlSet\Enum\PCI (PCI)
      SOFTWARE\LSI Logic Corporation (LSI)
      SOFTWARE\American Megatrends Inc. (AMI)
      SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (Uninstall)
      SOFTWARE\NEC\AlertReport (AlertReport)
      SOFTWARE\NEC\NVBASE\AlertViewer\AlertType (AlertType)
      SOFTWARE\Promise Technology, Inc. (Promise)
      SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products (Installer)
      SYSTEM\CurrentControlSet\Services\PromiseWebPAM (WebPAM)
      SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs (SharedDLLs)
      SOFTWARE\NEC\ESMAgent\WS (WS\WS)
      SYSTEM\CurrentControlSet\services\NECRAS (WS\NECRAS)
      SYSTEM\MountedDevices(MountedDevices)
     ------------------------------------------------------
      64rbgOS(x64)̏ꍇAL̏ɉĈȉ̏W܂B

           WXgL[(ۑt@C)
     ------------------------------------------------------
      SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix (x64reg\MSHotFix)
      SOFTWARE\Microsoft\Updates( x64reg\MSUpdates)
      SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib (x64reg\Perflib.txt)
      SOFTWARE\Microsoft\Windows NT\CurrentVersion (x64reg\CurrentVer.txt)
      SOFTWARE\LSI Logic Corporation (x64reg\LSI)
      SOFTWARE\American Megatrends Inc. (x64reg\AMI)
      SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (x64reg\Uninstall)
      SOFTWARE\Promise Technology, Inc. (x64reg\Promise)
      SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products (x64reg\Installer)
      SYSTEM\CurrentControlSet\Services\PromiseWebPAM (x64reg\WebPAM)
      SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs (x64reg\SharedDLLs)
      SOFTWARE\NEC\ESMAgent (x64reg\EsmAgent)
      SOFTWARE\NEC\ESMAgent\WS (WS\WS)
     ------------------------------------------------------

  4.2 CxgO
     CxgO͈ȉ̏WΉƂĂ܂B

          CxgO(oCi`)
     ------------------------------------------------------
      Security.EVT
      System.EVT
      Applicat.EVT
      NTDS.EVT
      DnsEvent.EVT
      NtFrs.EVT
      Setup.EVTX
      DFS Replication.EVTX
      Internet Explorer.EVTX
      Key Management Service.EVTX
      HardwareEvents.EVTX
      Windows Powershell.EVTX
      Media Center.EVTX
      VHDMP.EVTX (VHDMP2.EVTX)
      Wmiop.EVTX
      Wmitrace.EVTX
      Backup.EVTX
      GPOperational.EVTX
      ActiveDirectoryWebServices.EVTX
     ------------------------------------------------------

          CxgO(eLXg`)
     ------------------------------------------------------
      Security.TXT
      System.TXT
      Applicat.TXT
      NTDS.TXT
      DnsEvent.TXT
      NtFrs.TXT
      Setup.TXT
      DFS Replication.TXT
      Internet Explorer.TXT
      Key Management Service.TXT
      HardwareEvents.TXT
      Windows Powershell.TXT
      Media Center.TXT
      Wmiop.TXT
     ------------------------------------------------------


  4.3 Ot@C
     Ot@C͈ȉ̏WĂ܂B

          Ot@C(ۑt@C)
     ------------------------------------------------------
      %EsmDir% ̑S*.logt@C (EsmDir)
      %EsmDir% ̑S*.datt@C (EsmDir)
      %EsmDir% ̑S*.init@C (EsmDir)
      %EsmDir%\data z̑St@C (EsmData)
      %EsmDir%\log ̑St@C (EsmLog)
      %EsmDir%\esmda\log ̑St@C (EsmdaLog)
      %EsmDir%\esmda\inf ̑St@C (EsmdaInf)
      %windir%\repair\setup.log (setup.log)
      %SystemRoot%\system32\nvramsrv.log (nvramsrv.log)
      --- (drwtsn32.log)
      %SystemDrive%\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Dr Watson̑S*.logt@C(DrWatson)
      %SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\tmpdirname\Report.wer (ReportArchive\tmpdirname\Report.wer)
      %SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportQueue\tmpdirname\Report.wer (ReportQueue\tmpdirname\Report.wer)
      %SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportArchive\tmpdirname\*.txt (ReportArchive\tmpdirname\*.txt)
      %SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportQueue\tmpdirname\*.txt (ReportQueue\tmpdirname\*.txt)
      SOFTWARE\NEC\ESMAlertMan MethodDir wtH_z̑Sinit@C (AlertMtd)
      %Temp%\instsa.log (instsa.log)
      %Temp%\instsa_p.log (instsa_p.log)
      %SystemRoot%\setupapi.log (setupapi.log)
      %SystemRoot%\setupact.log (setupact.log)
      %SystemRoot%\setuperr.log (setuperr.log)
      %SystemRoot%\svcpack.log (svcpack.log)
      %SystemRoot%\muisetup.log (muisetup.log)
      %SystemRoot%\regopt.log (regopt.log)
      %SystemRoot%\system32\wbem\Logs ̑St@C (wbemlogs)
      %SystemRoot%\instsa.log (instsa_2.log)
      %SystemRoot%\system32\drivers\etc\hosts (hosts)
      %SystemRoot%\system32\drivers\etc\lmhosts (lmhosts)
      %SystemRoot%\system32\drivers\etc\Regserv.dat (Regserv.dat)
      %SystemRoot%\..\Progra~1\MegaRAID\client\Raid.log (Raid.log)
      %SystemRoot%\..\Progra~1\Promis~1\Promis~1\HIST_PAM.LOG (HIST_PAM.LOG)
      %SystemRoot%\..\Progra~1\Promis~1\Promis~1\BadSector.txt (BadSector.txt)
      %SystemRoot%\..\Progra~1\Promis~1\Promis~1\SyncErr.txt (SyncErr.txt)
      %SystemRoot%\..\Progra~1\Promis~1\Promis~1\PROMISE\log\FASTTRAK\Contro~1\Controller1.log (Controller1.log)
      %SystemRoot%\msgagt.ini(msgagt.ini)
      %SystemRoot%\AMInsCore.log (AMLog\AMInsCore.log)
      %SystemRoot%\AMISHTTP.log (AMLog\AMISHTTP.log)
      %SystemRoot%\AMInsExt.log (AMLog\AMInsExt.log)
      %SystemRoot%\AMISEXMG.log (AMLog\AMISEXMG.log)
      %SystemRoot%\amwmiprv.InstallLog (AMLog\amwmiprv.InstallLog)
      %SystemRoot%\System32\Piclog ̑St@C(Piclog)
      %windir%\$SYSUP$\LOG ̑St@C(SYSUP\LOG)
      %windir%\Logs\CBS ̑St@C(CBS)
      %windir%\Logs\WindowsServerBackup ̑Slogt@C
      %windir%\Logs\WindowsServerBackup ̑Setlt@C
      %windir%\$SYSUP$\DOTNET ̑Slogt@C(SYSUP\DOTNET)
      %windir%\$SYSUP$\XP ̑Slogt@C(SYSUP\XP)
      %windir%\$SYSUP$\W2K ̑Slogt@C(SYSUP\W2K)
      %windir%\$SYSUP$\VISTA ̑Slogt@C(SYSUP\VISTA)
      %windir%\$SYSUP$\WS2008 ̑Slogt@C(SYSUP\WS2008)
      %windir%\$SYSUP$\WIN7 ̑Slogt@C(SYSUP\WIN7)
      %Systemroot%\System32\BTO.log(BTO.log)
      %windir%\$XPRUR1$ ̑Slogt@C(RUR\XPRUR1)
      %windir%\$XPRUR2$ ̑Slogt@C(RUR\XPRUR2)
      %windir%\$XPRUR3$ ̑Slogt@C(RUR\XPRUR3)
      %windir%\$XPRUR4$ ̑Slogt@C(RUR\XPRUR4)
      %windir%\$XPRUR5$ ̑Slogt@C(RUR\XPRUR5)
      %windir%\$XPRUR6$ ̑Slogt@C(RUR\XPRUR6)
      %windir%\$XPRUR7$ ̑Slogt@C(RUR\XPRUR7)
      %windir%\$XPRUR8$ ̑Slogt@C(RUR\XPRUR8)
      %windir%\$XPRUR9$ ̑Slogt@C(RUR\XPRUR9)
      %windir%\$W2K3RUR1$ ̑Slogt@C(RUR\W2K3RUR1)
      %windir%\$W2K3RUR2$ ̑Slogt@C(RUR\W2K3RUR2)
      %windir%\$W2K3RUR3$ ̑Slogt@C(RUR\W2K3RUR3)
      %windir%\$W2K3RUR4$ ̑Slogt@C(RUR\W2K3RUR4)
      %windir%\$W2K3RUR5$ ̑Slogt@C(RUR\W2K3RUR5)
      %windir%\$W2K3RUR6$ ̑Slogt@C(RUR\W2K3RUR6)
      %windir%\$W2K3RUR7$ ̑Slogt@C(RUR\W2K3RUR7)
      %windir%\$W2K3RUR8$ ̑Slogt@C(RUR\W2K3RUR8)
      %windir%\$W2K3RUR9$ ̑Slogt@C(RUR\W2K3RUR9)
      %windir%\$W2KRUR1$ ̑Slogt@C(RUR\W2KRUR1)
      %windir%\$W2KRUR2$ ̑Slogt@C(RUR\W2KRUR2)
      %windir%\$W2KRUR3$ ̑Slogt@C(RUR\W2KRUR3)
      %windir%\$W2KRUR4$ ̑Slogt@C(RUR\W2KRUR4)
      %windir%\$W2KRUR5$ ̑Slogt@C(RUR\W2KRUR5)
      %windir%\$W2KRUR6$ ̑Slogt@C(RUR\W2KRUR6)
      %windir%\$W2KRUR7$ ̑Slogt@C(RUR\W2KRUR7)
      %windir%\$W2KRUR8$ ̑Slogt@C(RUR\W2KRUR8)
      %windir%\$W2KRUR9$ ̑Slogt@C(RUR\W2KRUR9)
      %windir%\$VISTARUR1$ ̑Slogt@C(RUR\VISTARUR1)
      %windir%\$VISTARUR2$ ̑Slogt@C(RUR\VISTARUR2)
      %windir%\$VISTARUR3$ ̑Slogt@C(RUR\VISTARUR3)
      %windir%\$VISTARUR4$ ̑Slogt@C(RUR\VISTARUR4)
      %windir%\$VISTARUR5$ ̑Slogt@C(RUR\VISTARUR5)
      %windir%\$VISTARUR6$ ̑Slogt@C(RUR\VISTARUR6)
      %windir%\$VISTARUR7$ ̑Slogt@C(RUR\VISTARUR7)
      %windir%\$VISTARUR8$ ̑Slogt@C(RUR\VISTARUR8)
      %windir%\$VISTARUR9$ ̑Slogt@C(RUR\VISTARUR9)
      %windir%\$WS2008RUR1$ ̑Slogt@C(RUR\WS2008RUR1)
      %windir%\$WS2008RUR2$ ̑Slogt@C(RUR\WS2008RUR2)
      %windir%\$WS2008RUR3$ ̑Slogt@C(RUR\WS2008RUR3)
      %windir%\$WS2008RUR4$ ̑Slogt@C(RUR\WS2008RUR4)
      %windir%\$WS2008RUR5$ ̑Slogt@C(RUR\WS2008RUR5)
      %windir%\$WS2008RUR6$ ̑Slogt@C(RUR\WS2008RUR6)
      %windir%\$WS2008RUR7$ ̑Slogt@C(RUR\WS2008RUR7)
      %windir%\$WS2008RUR8$ ̑Slogt@C(RUR\WS2008RUR8)
      %windir%\$WS2008RUR9$ ̑Slogt@C(RUR\WS2008RUR9)
      %windir%\$WIN7RUR1$ ̑Slogt@C(RUR\WIN7RUR1)
      %windir%\$WIN7RUR2$ ̑Slogt@C(RUR\WIN7RUR2)
      %windir%\$WIN7RUR3$ ̑Slogt@C(RUR\WIN7RUR3)
      %windir%\$WIN7RUR4$ ̑Slogt@C(RUR\WIN7RUR4)
      %windir%\$WIN7RUR5$ ̑Slogt@C(RUR\WIN7RUR5)
      %windir%\$WIN7RUR6$ ̑Slogt@C(RUR\WIN7RUR6)
      %windir%\$WIN7RUR7$ ̑Slogt@C(RUR\WIN7RUR7)
      %windir%\$WIN7RUR8$ ̑Slogt@C(RUR\WIN7RUR8)
      %windir%\$WIN7RUR9$ ̑Slogt@C(RUR\WIN7RUR9)
      %WINDIR%\panther ̑St@C (panther)
      %WINDIR%\inf ̑Ssetupapi*.logt@C (inf)
      %WINDIR%\system32\sysprep\panther ̑St@C (sysprep\panther)
      %WINDIR%\WindowsUpdate.log (WindowsUpdate.log)
      %windir%\INTELLAN ̑Slogt@C
      %WINDIR%\debug\dcpromo.log (%COMPUTERNAME%_AD_dcpromo.log)
      %WINDIR%\debug\dcpromoui.log (%COMPUTERNAME%_AD_dcpromoui.log)
      %WINDIR%\debug\netsetup.log (%COMPUTERNAME%_DEBUG_netsetup.log)
      %systemroot%\system32\config\netlogon.dns (%COMPUTERNAME%_DNS_netlogon.dns)
      SOFTWARE\NEC\DianaScopeAgent PathName wtH_z̑Stxtt@C (DSAgent)
      SOFTWARE\NEC\DianaScopeAgent PathName wtH_z̑Sbakt@C (DSAgent)
      SOFTWARE\NEC\DianaScopeAgent PathName wtH_̑Sbint@C (DSAgent)
      SOFTWARE\NEC\DianaScopeAgent CollectPath1 wtH_̑St@C (DSAgent)
      SOFTWARE\NEC\DianaScopeAgent CollectPath2 wtH_̑St@C (DSAgent)
      SOFTWARE\NEC\DianaScopeAgent CollectPath3 wtH_̑Sinit@C (DSAgent)
      %SystemRoot%\..\Program Files\Promise\WebPAM 2.0\NapaSet.txt(NapaSet.txt)
      %SystemRoot%\..\Program Files\Promise\WebPAM 2.0\HIST_WebPAM.LOG(HIST_WebPAM.LOG)
      %SystemRoot%\..\Program Files\Promise\WebPAM 2.0\lastTime.log(WPAMlastTime.log)
      %SystemRoot%\..\Program Files\Promise\WebPAM 2.0\log.txt(WPAMlog.txt)
      %SystemRoot%\..\Program Files\Promise\WebPAM 2.0\jetty\webapps\webpam\data\webpam.log(webpam.log)
      %SystemRoot%\..\Program Files\Promise\WebPAM 2.0\jetty\webapps\webpam\data\webpam.properties(webpam.properties)
      %SystemRoot%\..\Program Files\Promise\WebPAM 2.0\jetty\webapps\webpam\data\webpam.script(webpam.script)
      %URAIDUTLPATH%\serverz̑S*.logt@C(URUlog)
      %URAIDUTLPATH%\serverz̑S*.bakt@C(URUlog)
      %URAIDUTLPATH%\serverz̑S*.txtt@C(URUlog)
      %URAIDUTLPATH%\serverz̑S*.datt@C(URUlog)
      %Windir%\System32\wbemzesm*.moft@C(esmmof)
      %EsmDir%\bin\WSz̑St@C(WS)
      %EsmDir%\infz̑S*.inft@C(ESMInf)
      %EsmDir%\datz̑S*.datt@C(ESMDat)
      %EsmDir%\datz̑S*.logt@C(ESMDat)
      C:\KAOATO\KaoatoLogCollection(KaoatoLogCollection)
      %EdgeServer_tool_dir%\log(EdgeServerLog)
      %SystemRoot%\..\Program Files\InstallShield Installation Information\{6342F89D-C2A1-480C-B76D-A9CDF25D1994}z̑St@C (AMIS)
      NEC ICT@AgentCXg[pXz̑Slogt@C(GWA)
     ------------------------------------------------------

      64rbgOS(x64)̏ꍇAL̏ɉĈȉ̏W܂B

          Ot@C(ۑt@C)
     ------------------------------------------------------
      %SystemRoot%\system32\nvramsrv.log(x64log\nvramsrv.log)
      %SystemRoot%\system32\wbem\Logs̑Slogt@C(x64log\wbemlogs)
      %SystemRoot%\system32\drivers\etc\hosts(x64log\hosts)
      %SystemRoot%\system32\drivers\etc\lmhosts(x64log\lmhosts)
      %SystemRoot%\system32\drivers\etc\Regserv.dat(x64log\Regserv.dat)
      %SystemRoot%\..\Program Files (x86)\MegaRAID\client\Raid.log(PF_x86\Raid.log)
      %SystemRoot%\..\Program Files (x86)\Promis~1\Promis~1\HIST_PAM.LOG(PF_x86\HIST_PAM.LOG)
      %SystemRoot%\..\Program Files (x86)\Promis~1\Promis~1\BadSector.txt(PF_x86\BadSector.txt)
      %SystemRoot%\..\Program Files (x86)\Promis~1\Promis~1\SyncErr.txt(PF_x86\SyncErr.txt)
      %SystemRoot%\..\Program Files (x86)\Promis~1\Promis~1\PROMISE\log\FASTTRAK\Contro~1\Controller1.log(x64log\Controller1.log)
      %SystemRoot%\System32\Piclog̑St@C(x64log\Piclog)
      %Systemroot%\System32\BTO.log(x64log\BTO.log)
      %WINDIR%\system32\sysprep\panther ̑St@C (x64log\panther)
      %SystemRoot%\..\Program Files (x86)\Promise\WebPAM 2.0\NapaSet.txt(PF_x86\NapaSet.txt)
      %SystemRoot%\..\Program Files (x86)\Promise\WebPAM 2.0\HIST_WebPAM.LOG(PF_x86\HIST_WebPAM.LOG)
      %SystemRoot%\..\Program Files (x86)\Promise\WebPAM 2.0\lastTime.log(PF_x86\WPAMlastTime.log)
      %SystemRoot%\..\Program Files (x86)\Promise\WebPAM 2.0\log.txt(PF_x86\WPAMlog.txt)
      %SystemRoot%\..\Program Files (x86)\Promise\WebPAM 2.0\jetty\webapps\webpam\data\webpam.log(PF_x86\webpam.log)
      %SystemRoot%\..\Program Files (x86)\Promise\WebPAM 2.0\jetty\webapps\webpam\data\webpam.properties(PF_x86\webpam.properties)
      %SystemRoot%\..\Program Files (x86)\Promise\WebPAM 2.0\jetty\webapps\webpam\data\webpam.script(PF_x86\webpam.script)
      %SystemRoot%\..\Program Files (x86)\InstallShield Installation Information\{6342F89D-C2A1-480C-B76D-A9CDF25D1994}z̑St@C (PF_x86\AMIS)
     ------------------------------------------------------


  4.4 [Nt@C
     WXg"HKEY_LOCAL_MACHINE:SOFTWARE\NEC\ESMAlertManFTempDir"Ŏ
     tH_z̑SẴt@CtH_"\Alertlog"ɎW܂B


  4.5 t@Cf[^
     ȉ̃t@C̓t(쐬tEXVtEANZXt)ƃTCYC
     t@Co[WC̎悵܂B
       t@Co[WC̓o[W񂪑݂ꍇ̂ݍ̎悵܂B
     E%SystemRoot%\system32̃t@C
     E%SystemRoot%\system32\drivers̃t@C
     E%SystemRoot%\..\Program Files\MegaRAIDz̑St@C
     E%EsmDir%̃t@C
     E%EsmDir%\datãt@C
     E%EsmDir%\log̃t@C
     E%EsmDir%\reptbl̃t@C
     E%EsmDir%\tool̃t@C
     E%EsmDir%\biñt@C
     E%URAIDUTLPATH%\server̃t@C
     E%Windir%\Microsoft.NET\assemblyz̑St@C
     Eȉ̃WXgŎtH_z̑St@C
            KEY   : SOFTWARE\NEC\ESMAlertMan
            VALUE : PathName
     E%EsmDir%\inf̑Sinf(*.inf)t@C
     E%EsmDir%\dat̑Sdat(*.dat)t@C

     64rbgOS(x64)̏ꍇAL̏ɉĈȉ̃t@C̓t(쐬tEXVtE
     ANZXt)ƃTCYCt@Co[WC̎悵܂B
     t@Co[WC̓o[W񂪑݂ꍇ̂ݍ̎悵܂B

      #for EM64T OS
      E%SystemRoot%\system32̃t@C
      E%SystemRoot%\system32\drivers̃t@C
      E%SystemRoot%\..\Program Files (x86)\MegaRAIDz̃t@C


  4.6 lbg[N
    ȉ̃R}hsAʂ̎悵܂B
        ipconfig /all
        route -p print
        net use
        net share
        net config workstation
        net config server
        netstat -ano
        tasklist /svc
        netsh interface tcp show global
        netsh advfirewall show currentprofile


  4.7 WMI
    WMÏȉ̃NX̏̎悵܂B
        __Provider
        ESM_Processor
        ESM_GeneralInformation
        ESM_ReportSetting
        ESM_StorageThread
        ESM_StorageConfig
        ESM_StorageTotalNumber
        ESM_StorageController
        ESM_StorageSCSIDevice
        ESM_StorageIDEDevice
        ESM_StorageHardDisk
        ESM_StorageCDROM
        ESM_StorageTape
        ESM_StorageOpticalMemory
        ESM_StorageMisc
        ESM_FileSystemThread
        ESM_FileSystemConfig
        ESM_FileSystemTotalNumber
        ESM_FileSystem
        ESM_SensorConfig
        ESM_TemperatureSensor
        ESM_VoltageSensor
        ESM_FanSensor
        ESM_LiquidLeakageSensor
        ESM_PhysicalMemory
        ESM_VirtualMemory 
        ESM_PageFile
        ESM_StorageLifeSpan
        ESM_Alive
        ESM_GWASetting
        __CacheControl
        Win32_NetworkAdapter
        Win32_ComputerSystemProduct
        Win32_PerfRawData_PerfOS_Processor
        Win32_PerfformattedData_PerfOS_Processor
        Win32_Processor
        Win32_DiskDrive
        Win32_LogicalDisk
        Win32_OperatingSystem

  4.8 XVvOKp
    ȉ̃R}hsAʂ̎悵܂B
    powershell.exe -command "Get-Hotfix"
    dism /Online /Get-Packages /Format:Table

  4.9 O[v|V[Kp
    ȉ̃R}hsAʂ̎悵܂B
    gpresult /h

  4.10 {[}Eg
    ȉ̃R}hsAʂ̎悵܂B
    mountvol

  4.11 hCRg[퐫
    ȉ̃R}hsAʂ̎悵܂B
    dcdiag /v
    dcdiag /test:DNS /v

  4.12 hCRg[
    ȉ̃R}hsAʂ̎悵܂B
    repadmin /showrepl

  4.13 
    ȉ̃R}hsAʂ̎悵܂B
    w32tm /query /status /verbose
    w32tm /query /configuration
    w32tm /query /peers /verbose
    w32tm /monitor

  4.14 {[/RDRꗗ
    ȉ̃R}hsAʂ̎悵܂B
    fltmc volumes

  4.15 {[jԏ
    ȉ̃R}hsAʂ̎悵܂B
    fsutil repair state

  4.16 Windows Update 
    ȉ̃R}hsAʂ̎悵܂B
    powershell.exe -command "get-windowsupdatelog -LogPath log\getwindowsupdatelog.log"

  4.17 čȌo͐ݒ
    ȉ̃R}hsAʂ̎悵܂B
    auditpol /get /category:*

  4.18 DNS ][̏
    ȉ̃R}hsAʂ̎悵܂B
    dnscmd /zoneprint %USERDNSDOMAIN%
    dnscmd /zoneprint _msdcs.%USERDNSDOMAIN%
    dnscmd /EnumZones
    dnscmd /Info
    dnscmd /ZoneInfo %USERDNSDOMAIN%
    dnscmd /ZoneInfo _msdcs.%USERDNSDOMAIN%

  4.19 kerberos `Pbg̏
    ȉ̃R}hsAʂ̎悵܂B
    klist tgt
    klist tickets

  4.20 TCg̏AZLA`lmDC̏
    ȉ̃R}hsAʂ̎悵܂B
    nltest /dsgetsite
    nltest /sc_query:%USERDNSDOMAIN%

  4.21 SYSVOL tH_z̏
    ȉ̃R}hsAʂ̎悵܂B
    dir %systemroot%\sysvol /s /a
    dir %systemroot%\sysvol_dfsr /s /a

  4.22 tB^[hCo[у{[̃CX^X
    ȉ̃R}hsAʂ̎悵܂B
    Fltmc.exe Instances

  4.23 dv̐ݒ
    ȉ̃R}hsAʂ̎悵܂B
    powercfg /L
    powercfg /QH

  4.24 VhERs[֘A̐ݒ
    ȉ̃R}hsAʂ̎悵܂B
    vssadmin list shadowstorage
    vssadmin list shadows
    vssadmin list writers

  4.25 NAST[o[\
    NAST[o[̏ꍇ͐\Ɋւ̎悵܂B


５. FAQ
   {@\FAQɂĂ͉LURLQƊ肢܂B
   https://www.support.nec.co.jp/View.aspx?id=3150107800

６. バージョン、更新履歴
   [バージョン]
   本ツールのバージョンは 4.6です。
   [更新履歴]
   Ver2.0 
     - eW10ȓɊłȂꍇA̎WI
     - filedata.csvŃt@CTCYs\C
     - Errorinf.log̃Oo͓eP
   Ver3.0
     - WCxgOǉ
        VHDMP.EVTX
     - W郍Ot@Cǉ
        %windir%\INTELLAN
   Ver3.1
     - W郍Ot@Cǉ
        C:\KAOATO\KaoatoLogCollection
   Ver3.2
     - WWMIǉ
        ESM_StorageLifeSpan
   Ver4.0
     - XVvOKpWΏۂɒǉ
     - O[v|V[KpWΏۂɒǉ
     - {[}EgWΏۂɒǉ
     - hCRg[퐫WΏۂɒǉ
     - hCRg[WΏۂɒǉ
     - WΏۂɒǉ
     - WCxgOǉ
        Microsoft-Windows-WMI-Activity/Operational
        Microsoft-Windows-WMI-Activity/Trace
     - WWMIǉ
        ESM_Alive
     - W郍Ot@Cǉ
        %EdgeServer_tool_dir%\log
     - svOWΏۂ폜
   Ver4.1
     - {[/RDRꗗWΏۂɒǉ
     - {[jԂWΏۂɒǉ
     - e̎̃^CAEgԂ15ɕύX
   Ver4.2
     - ʕɊւt@CEWXgǉ
   Ver4.3
     - WCxgOǉ
        Backup.EVTXAGPOperational.EVTXAActiveDirectoryWebServices.EVTX
     - Wt@Cǉ
        WindowsServerBackup log,etlt@C
        dcpromo.logAdcpromoui.logAnetsetup.logAnetlogon.dns
     - Windows Update AčȌo͐ݒADNS ][̏A
       kerberos `Pbg̏ATCg̏AZLA`lmDC̏A
       SYSVOL tH_z̏Adv̐ݒAVhERs[֘A̐ݒA
       tB^[hCo[у{[̃CX^XAWΏۂɒǉ
   Ver4.4
     - NAST[o[\ǉ
   Ver4.5
     - NEC ICT@Agent֘ÃOǉ
   Ver4.6
     - Windows Server 2025̎W@̕ύX
     - e̎̃^CAEgԂ20ɕύX

以上。
