Network Security Focus-Microsoft

RE: audit trails for file access

Subject: RE: audit trails for file access
Date: Fri, 6 Jan 2006 16:26:24 -0000
I actually use NTSyslog to send my logs off to a syslog server, as I
found that Eventlog to Syslog would crash unexpectedly on our Citrix
servers.  It also allows you a fair bit of customisation of your log
options which I've found quite useful.  You can download it here:
http://sourceforge.net/projects/ntsyslog/.  

On the syslog server side, I use syslog-ng to log to a MySQL database.
Syslog-ng is here:

http://www.balabit.com/products/syslog_ng/

For instructions on logging to a MySQL database, and to check through
the logs, php-syslog-ng has been pretty useful for me:

Download:  http://www.phpwizardry.com/php-syslog-ng.php
Instructions for setup:
http://www.phpwizardry.com/demo/index.php?pageId=help

Hopefully that'll get you started on setting it up.  Of course though,
you need a Linux/Unix box to send the logs to for the syslog option.



-----Original Message-----
From: Scott Liebergen [mailto:sliebergen@toscaltd.com] 
Sent: 06 January 2006 15:00
To: focus-ms@securityfocus.com
Subject: RE: audit trails for file access

 
In regards to logging to another machine, use the Eventlog to Syslog
Utility found here --->
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys to
log to a syslog server.

Cheers,
-Scott


-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@subway.com]
Sent: Friday, January 06, 2006 1:15 AM
To: focus-ms@securityfocus.com
Subject: audit trails for file access

Hi,
I was wondering if there are any other file access/modification audit
trails generated apart from the ones which can be set through the
security/auditing tab for a folder's properties.

I want to know if there is any kind of logging done by default when a
2003 box is uhh, fresh out of the box.

Also, how can logs be sent to another machine for storage?



Kind Regards
Murad Talukdar
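
The storage step described in the first reply (syslog messages written to a SQL database), as an added example that is not part of the thread and not code from syslog-ng or php-syslog-ng: it parses RFC 3164 lines and inserts them with bound parameters, because file names in audit messages can contain quotes. Assumptions: the sample lines and their message layout are constructed, the names `parse_line`, `store` and `demo` are hypothetical, and SQLite stands in for MySQL so the block runs offline.

```python
import re
import sqlite3

# Constructed sample lines (RFC 3164 style); the message layout is an assumption.
SAMPLE_LINES = [
    r"<109>Jan  6 16:20:01 FILESRV01 security[success]: Object Open: C:\Shares\Finance\budget.xls User: jsmith",
    r"<109>Jan  6 16:21:44 FILESRV01 security[success]: Object Open: C:\Shares\O'Brien\notes.txt User: mtaylor",
    "not a syslog line",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                  # priority
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "     # timestamp
    r"(?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$"        # host, tag, text
)

def parse_line(line):  # returns a dict of fields, or None for invalid input
    m = SYSLOG_RE.match(line)
    if m is None or int(m.group("pri")) > 191:   # PRI is facility*8 + severity
        return None
    pri = int(m.group("pri"))
    return {"host": m.group("host"), "facility": pri >> 3, "severity": pri & 7,
            "ts": m.group("ts"), "tag": m.group("tag"), "msg": m.group("msg")}

def store(conn, lines):
    """Insert parsed lines with bound parameters; return (stored, rejected)."""
    conn.execute("CREATE TABLE IF NOT EXISTS logs (host TEXT, facility INTEGER,"
                 " severity INTEGER, ts TEXT, tag TEXT, msg TEXT)")
    stored = rejected = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1        # count malformed input instead of storing it
            continue
        # Placeholders keep quotes in file names from being read as SQL.
        conn.execute("INSERT INTO logs VALUES (:host, :facility, :severity,"
                     " :ts, :tag, :msg)", rec)
        stored += 1
    conn.commit()
    return stored, rejected

def demo():
    conn = sqlite3.connect(":memory:")   # SQLite stands in for MySQL here
    counts = store(conn, SAMPLE_LINES)
    rows = conn.execute("SELECT host, facility, severity, msg FROM logs").fetchall()
    return counts, rows

if __name__ == "__main__":
    print(demo())
```
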


 



________________________________________________________________________
This e-mail has been scanned for all viruses by Star. The service is
powered by MessageLabs. For more information on a proactive anti-virus
service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________



________________________________________________________________________
This e-mail is from Gresham LLP. This e-mail, together with any 
attachments, is for the exclusive and confidential use of the addressee(s). 
If you are not the addressee, or the person responsible for delivering it 
to the addressee, you  may not copy or deliver this to anyone else.  If you 
have received the e-mail in error please notify support.team@gresham.vc or 
telephone +44 (0)20 7309 5000. Postal address One South Place, London EC2M 
2GT. No. OC302703. Gresham LLP is authorised and regulated by the Financial 
Services Authority.
You can also visit us at our website:  www.gresham.vc
_________________________________________________________________