Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Windows Log

from [Meredith, Charles (HRD)] Network Security [Permanent Link]
Subject: RE: Windows Log
Date: Tue, 24 Jan 2006 11:38:27 -0500 
Kind of related...
While researching a similar problem, I found a tool that will help manage the 
archival of logs (you might want to do this). We wanted to keep an archive of 
audit logs (logon and logoff events) so I found a freeware utility from 
SysInternals called psloglist that will automatically clear and save your 
audit/security logs. http://www.sysinternals.com/Utilities/PsLogList.html
Regards,
Chuck

-----Original Message-----
From: 
security-basics-return-37793-Chuck.Meredith=hrd.state.ma.us@securityfocus.com 
[mailto:security-basics-return-37793-Chuck.Meredith=hrd.state.ma.us@securityfocus.com]
 On Behalf Of List Spam
Sent: Tuesday, January 17, 2006 10:08 AM
To: security-basics@securityfocus.com
Subject: Re: Windows Log

There are many types of logins that can be performed in an an AD environment.  
Among these are full desktop logins by a user (aka interactive login), 
non-interactive network logins (e.g. mount a share), computer accounts 
authenticating to the domain, etc.

I would venture a guess that you don't want to disallow the ability to log 
other security events, but want to easily find login events of some type (see 
above) without having to wade through the full set of logged data.  If this is 
the case, you could simply filter the logs to show the event id that is 
specific to the action you are looking to see.

You could use the built-in "Event Viewer" application for it, EventCombMT 
(Google it), one of the resource kit log dumping utilitities, VBScripts, or 
just about anything else to export this info.  Some VBScript examples are below:

http://www.microsoft.com/technet/scriptcenter/scripts/logs/eventlog/default.mspx

I dare say that if you're trying to audit security on a box, you don't want to 
hack up the data collection facility, but want to simply get better use from 
that data.

My two cetns.

On 1/16/06, Rod <rod.rio@gmail.com> wrote:

Hi all,

I have a Win2k Server, who is my Domain Controller, and I'd like it to 
log only the LOGON/LOGOFF events. I know that there are a whole class 
of logon/logoff events, but I´d like to log only when a user logon 
into a machine in the domain.

Hope I was clear... thx


--
Rodrigo M. T. Fernandez
Departamento de Ciência da Computação UFRJ Grupo de Respostas a 
Incidentes de Segurança - GRIS UFRJ www.dcc.ufrj.br | 
www.gris.dcc.ufrj.br

----------------------------------------------------------------------
----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The 
Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity 
Planning, Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------
------




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich 
University program offers unparalleled Infosec management education and the 
case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree customizations 
including Emergency Management, Business Continuity Planning, Computer 
Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mass Machine Login, Vihang Dudhalkar
Next by Date:  Re: router question..., Yousef Syed
Previous by Thread:  RE: Windows Log, Ramsdell, Scott
Next by Thread:  RE: Windows Log, dave kleiman
Indexes:  [Date] [Thread] [Top] [All Lists]