Security Basics mailing list archives
RE: Analysing Windows Syslogs
From: "Hayes, Ian" <Ian.Hayes () wynnlasvegas com>
Date: Tue, 1 Aug 2006 14:12:24 -0700
For Event IDs, go to http://www.eventid.net.

Once things get tedious, go for something like Splunk and install a syslog agent on your Windows boxes, such as Snare or NTSyslog. Splunk makes it really easy to dig for events, and the Pro version has "live splunks", which is basically defined queries run at a time interval.

Or go super cheap and use Swatch. Tell it to look for specific EventIDs, such as our old friend, 644.

Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes () wynnlasvegas com
-----Original Message-----
From: Pravin Jayakumar [mailto:pravinjay () gmail com]
Sent: Sunday, July 30, 2006 8:20 AM
To: security-basics () securityfocus com
Subject: Analysing Windows Syslogs

Hello List,

Firstly, please excuse my bad English. Kindly let me know if there is any document available for analysing the Windows logs (Application, System and Security) with the given event ID? Is there any website which contains the info about all the event IDs? I couldn't find the info in http://go.microsoft.com/fwlink/

Any help would be highly appreciated.

Regards....
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
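The Swatch-style approach suggested in the reply above (watch the forwarded syslog stream for specific Event IDs such as 644), as an added Python example that is not part of the original thread. The tab-delimited field layout is modeled on Snare-style output and is an assumption, as are the constructed sample lines; 644 is the Windows 2000/2003 Security-log event for a locked-out user account.

```python
# Added example: field-aware Event ID watcher for forwarded Windows events.
# Assumption: Snare-style lines, tab-delimited after the "MSWinEventLog" marker,
# in the order criticality, log name, counter, timestamp, Event ID, ...
MARKER = "MSWinEventLog"
LOG_NAME_IDX, EVENT_ID_IDX = 2, 5  # index 0 is the empty field after the marker

# Event IDs are only meaningful per log, so the watch list is keyed on both.
# 644 in the Windows 2000/2003 Security log is "User Account Locked Out".
WATCHED = {("Security", 644): "user account locked out"}

# Constructed sample lines (not real log data).
SAMPLE = [
    "Aug  1 14:02:11 dc01 MSWinEventLog\t1\tSecurity\t4101\tTue Aug 01 14:02:11 2006\t644\tSecurity\tSYSTEM\tUser\tSuccess Audit\tDC01\tAccount Management\tUser Account Locked Out: Target Account Name: jdoe",
    "Aug  1 14:02:40 ws17 MSWinEventLog\t1\tSecurity\t4102\tTue Aug 01 14:02:40 2006\t528\tSecurity\tasmith\tUser\tSuccess Audit\tWS17\tLogon/Logoff\tSuccessful Logon: Logon ID: (0x0,0x644)",
    "Aug  1 14:03:02 app03 MSWinEventLog\t3\tApplication\t977\tTue Aug 01 14:03:02 2006\t644\tExampleSvc\tN/A\tN/A\tInformation\tAPP03\tNone\tcache flushed",
    "Aug  1 14:03:09 fw01 sshd[644]: Accepted publickey for ops",
    "Aug  1 14:03:15 dc01 MSWinEventLog\t1\tSecurity\t4103",  # truncated in transit
]

def parse_event(line):
    """Return (host, log_name, event_id, detail), or None if the line is unusable."""
    head, sep, rest = line.partition(MARKER)
    if not sep:
        return None  # not a forwarded Windows event
    fields = rest.split("\t")
    if len(fields) <= EVENT_ID_IDX or not fields[EVENT_ID_IDX].isdigit():
        return None  # truncated or malformed record
    parts = head.split()
    host = parts[-1] if parts else "unknown"
    return host, fields[LOG_NAME_IDX], int(fields[EVENT_ID_IDX]), fields[-1].strip()

def scan(lines, watched=WATCHED):
    """Return one (host, event_id, label, detail) tuple per watched event."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        host, log_name, event_id, detail = event
        label = watched.get((log_name, event_id))
        if label:
            alerts.append((host, event_id, label, detail))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print("ALERT %s: event %d (%s): %s" % alert)
```

Four of the five sample lines contain the string "644", but only the Security-log lockout record raises an alert, which is the reason to match on the Event ID field rather than on a bare pattern.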