Security Basics mailing list archives

RE: MS Audit logs


From: Sarbjit Singh Gill <ssgill () gilltechnologies com>
Date: Wed, 24 May 2006 10:34:57 +0800


Log Parser from Microsoft.

-----Original Message-----
From: Davie Elliott - Eluse [mailto:delliott () eluse co uk]
Sent: Sunday, May 21, 2006 9:27 PM
To: security-basics () securityfocus com
Subject: MS Audit logs

Hi everyone,

I'm a bit of a newbie administrator, and I have a quick question about
Microsoft Windows audit logs.

Right now I have ticked every audit option in the main GPO, so I get tons of
audit objects to trawl through every week.
I was reading somewhere that MS Audit logs cycle or something so after 24
hours I have lost some audit objects.
Also, I don't really know what I'm looking for in the audit logs anyway...
except for maybe checking if some user accounts have been used when they
shouldn't have.

Anyways, I was wondering what software would be good for managing the audit
logs?... I think I read a blog from an MS employee saying someone should use
3rd party software for managing the audit logs instead of the built-in
Windows thing.

Thanks for your help,

Davie.

