Network Security Security-Basics

Re: Monitoring security event logs

Subject: Re: Monitoring security event logs
Date: Tue, 23 Jan 2007 14:12:45 -0500
http://support.microsoft.com/kb/174073

I absolutely refuse to make the standard "Google is your friend" remark.

Ooops.

On 21 Jan 2007 19:27:12 -0000, g@27.eclipse.co.uk <g@27.eclipse.co.uk> wrote:
Hi all,

I am monitoring the logoff and logon event logs for some machines in my domain. I notice that for one single logon there are multiple successful logons in the event log. Sometimes the logon process is either or both "advapi" and "user32". Does anyone know the difference between these?

I try to pair the Logon IDs for each session to calculate logon times, and I notice on some occasions that the logon/logoff ID is the same, but parts of it have capitalisation. Does anyone know why? Also some logon IDs seem to not have a logoff ID pair (even though the user has logged off). Does anyone know why?

Thanks in advance,
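
Added example, not part of the original thread: one way to pair logon and logoff records by Logon ID so that IDs differing only in hex letter case are treated as the same value, and to list logons that never get a matching logoff. The record layout, the `(0x0,0x1A2B3C)` ID format and every sample value are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample records (not from the thread): (timestamp, kind, Logon ID text).
# Assumption: the Logon ID is rendered as a pair of hex values, e.g. "(0x0,0x1A2B3C)".
SAMPLE_EVENTS = [
    ("2007-01-21 09:00:05", "logon",  "(0x0,0x1a2b3c)"),
    ("2007-01-21 09:00:06", "logon",  "(0x0,0x1A2B40)"),
    ("2007-01-21 09:00:09", "logoff", "(0x0,0x1A2B40)"),
    ("2007-01-21 17:30:00", "logoff", "(0x0,0x1A2B3C)"),  # same ID as the first logon, different case
    ("2007-01-21 18:02:11", "logon",  "(0x0,0x2F00AA)"),  # no logoff recorded
    ("2007-01-21 18:05:00", "logoff", "(0x0,0x9999)"),    # no logon recorded
]

LOGON_ID_RE = re.compile(r"\(\s*(0x[0-9a-fA-F]+)\s*,\s*(0x[0-9a-fA-F]+)\s*\)")

def normalize_logon_id(text):
    """Parse the hex pair into integers so letter case and zero padding do not matter."""
    m = LOGON_ID_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Logon ID: {text!r}")
    return int(m.group(1), 16), int(m.group(2), 16)

def pair_sessions(events):
    """Return (sessions, open_logons, orphan_logoffs) for a list of event tuples."""
    open_logons = {}      # normalized Logon ID -> logon time
    sessions = []         # (normalized Logon ID, duration in seconds)
    orphan_logoffs = []   # logoffs whose logon was never seen
    for ts_text, kind, id_text in sorted(events, key=lambda e: e[0]):
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        key = normalize_logon_id(id_text)
        if kind == "logon":
            open_logons[key] = ts
        elif kind == "logoff":
            start = open_logons.pop(key, None)
            if start is None:
                orphan_logoffs.append((key, ts))
            else:
                sessions.append((key, (ts - start).total_seconds()))
    return sessions, open_logons, orphan_logoffs

if __name__ == "__main__":
    sessions, still_open, orphans = pair_sessions(SAMPLE_EVENTS)
    for key, seconds in sessions:
        print(f"Logon ID (0x{key[0]:X},0x{key[1]:X}): {seconds:.0f} s")
    print("logons with no logoff:", [f"0x{k[1]:X}" for k in still_open])
    print("logoffs with no logon:", [f"0x{k[1]:X}" for k, _ in orphans])
```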



