Security Basics mailing list archives

RE: Analysing Windows Syslogs


From: "Hayes, Ian" <Ian.Hayes () wynnlasvegas com>
Date: Tue, 1 Aug 2006 14:12:24 -0700

For Event IDs, go to http://www.eventid.net

Once things get tedious, go for something like Splunk and install a
syslog agent on your Windows boxes, such as Snare or NTSyslog. Splunk
makes it really easy to dig for events, and the Pro version has "live
splunks", which is basically defined queries run at a time interval. 

Or go super cheap and use Swatch. Tell it to look for specific EventIDs,
such as our old friend, 644.

Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes () wynnlasvegas com
 

-----Original Message-----
From: Pravin Jayakumar [mailto:pravinjay () gmail com]
Sent: Sunday, July 30, 2006 8:20 AM
To: security-basics () securityfocus com
Subject: Analysing Windows Syslogs

Hello List,

Firstly, please excuse my bad English. Kindly let me know if there is
any document available for analysing the Windows logs
(Application, System and Security) with the given event ID?

Is there any website which contains the info about all the event IDs?

I couldn't find the info in http://go.microsoft.com/fwlink/

Any help would be highly appreciated.

Regards....


------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
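
The kind of watch the reply suggests handing to Swatch, written out as an added Python example (not part of the original thread): it matches on the Event ID field rather than on any "644" that happens to appear in the line. The Snare tab-separated field layout, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter

# Event IDs to alert on. 644 is the one named in the post; on Windows
# 2000/2003 it is the Security-log "User Account Locked Out" event.
WATCHED = {644: "user account locked out"}

# Assumed Snare layout: tab-separated fields following the literal tag
# "MSWinEventLog": criticality, log name, counter, timestamp, event ID,
# source, user, SID type, event type, computer, category, data, message.
TAG = "MSWinEventLog"

def parse_snare(line):
    """Return a dict for a Snare-style event line, or None if it is not one."""
    fields = line.rstrip("\n").split("\t")
    # The syslog header is glued to the tag, so match on the field's suffix.
    idx = next((i for i, f in enumerate(fields) if f.endswith(TAG)), None)
    if idx is None or len(fields) < idx + 11:
        return None
    ev = fields[idx + 1:]
    if not ev[4].isdigit():
        return None
    return {"log": ev[1], "time": ev[3], "event_id": int(ev[4]),
            "computer": ev[9], "message": ev[12] if len(ev) > 12 else ""}

def scan(lines, watched=WATCHED):
    """Return (alerts, per-host counts) for lines whose Event ID is watched."""
    alerts, per_host = [], Counter()
    for line in lines:
        ev = parse_snare(line)
        if ev is None or ev["event_id"] not in watched:
            continue
        per_host[ev["computer"]] += 1
        alerts.append(f'{ev["time"]} {ev["computer"]} {ev["event_id"]} '
                      f'({watched[ev["event_id"]]}): {ev["message"]}')
    return alerts, per_host

def _line(counter, event_id, computer, msg):
    # Builds one constructed sample line in the assumed layout.
    return "\t".join(["Aug  1 14:10:02 dc01 " + TAG, "1", "Security", str(counter),
                      "Tue Aug 01 14:10:02 2006", str(event_id), "Security", "SYSTEM",
                      "User", "Success Audit", computer, "Account Management", "", msg])

SAMPLE = [  # constructed data, not real logs
    _line(101, 644, "DC01", "User Account Locked Out: Target Account Name: jdoe"),
    _line(644, 528, "DC01", "Successful Logon: User Name: asmith"),  # counter is 644, event is not
    "Aug  1 14:11:40 dc01 sshd[411]: session opened",               # not a Windows event
    _line(103, 644, "DC02", "User Account Locked Out: Target Account Name: jdoe"),
]

if __name__ == "__main__":
    alerts, per_host = scan(SAMPLE)
    print("\n".join(alerts))
    print(dict(per_host))
```

The second sample line is the reason for parsing fields: a plain pattern match on "644" would alert on it because of its record counter, although it is an ordinary logon event.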



