Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MS Audit logs

from [dave kleiman] Network Security [Permanent Link]
Subject: RE: MS Audit logs
Date: Tue, 23 May 2006 15:24:24 -0400 
First you will want the logs to auto archive:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application]
"MaxSize"=dword:06400000
"Retention"=dword:00278d00
"RestrictGuestAccess"="1"
"AutoBackupLogFiles"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security]
"MaxSize"=dword:06400000
"Retention"=dword:ffffffff
"RestrictGuestAccess"="1"
"AutoBackupLogFiles"=dword:00000001
"WarningLevel"=dword:0000005a

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System]
"MaxSize"=dword:06400000
"Retention"=dword:00278d00
"RestrictGuestAccess"="1"
"AutoBackupLogFiles"=dword:00000001


Then take a look at this for some methods of auditing your audits.


http://www.davekleiman.com/Files/HTCIACyberCrimeSummit_For_CD.zip


Dave




Respectfully,

______________________________________________________
Dave Kleiman, CAS,CCE,CIFI,CISM,CISSP,ISSAP,ISSMP,MCSE

http://www.davekleiman.com/about.php
 

   -----Original Message-----
   From: Davie Elliott - Eluse [mailto:delliott@eluse.co.uk] 
   Sent: Sunday, May 21, 2006 09:27 AM
   To: security-basics@securityfocus.com
   Subject: MS Audit logs
   
   Hi everyone,
   
   I'm a bit of a newbie administrator, and I have a quick 
   question about Microsoft windows audit logs.
   
   Right now I have ticked every audit option in the main GPO, 
   so I get tons of audit objects to trawl through every week.
   I was reading somewhere that MS Audit logs cycle or 
   something so after 24 hours I have lost some audit objects.
   Also, I don't really know what I'm looking for in the audits 
   logs anyway...
   except for maybe checking if some users accounts have been 
   used when they shouldn't have.
   
   Anyways, I was wondering what software would be good for 
   managing the audit logs?... I think I read a blog from an MS 
   employee saying someone should use 3rd party software for 
   managing the audit logs instead of the built-in windows thing.
   
   Thanks for your help,
   
   Davie.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Split Tunneling, Chris Serafin
Next by Date:  RE: Wireless Security (Part 2), Ebeling, Jr., Herman Frederick
Previous by Thread:  MS Audit logs, Davie Elliott - Eluse
Next by Thread:  RE: MS Audit logs, Sarbjit Singh Gill
Indexes:  [Date] [Thread] [Top] [All Lists]