Security Basics mailing list archives
Re: Monitoring of Admin logins
From: "Steven Adair" <steven () securityzone org>
Date: Wed, 11 Apr 2007 11:48:20 -0500 (EST)
A syslog server as mentioned will do the trick. You can run scripts to parse through the logs looking for "administrator" logins or the logins you have given to each of the users. Also, you may want to avoid giving these other users access to this server or at least just give them read-only access.

There are also other event correlation/SIM products that have capabilities you mentioned. Someone just e-mailed this list a little bit ago asking about ArcSight. I believe this product is capable of doing this as is NetIQ. Now these aren't free by any means, in fact they are far from it.

Steven
securityzone.org
I would think that a syslog server and some tools would be able to do that. I'd also recommend giving people admin equivalent accounts instead of letting them log in as "admin." If you make sure they have no access to the syslog server you can make sure you have an accurate record of who is doing what.

Luck,
Buz

On 4/10/07, Sohail Sarwar <ssarwar () ecredit com> wrote:

Hi there,

I am assuming this has been done, but how? I would like to get notified when a user logs in to my domain as an admin (Administrator). I have several people who are using the admin account, and I would like to set up something so that it notifies me via an email that a specific person has logged in to the domain controller or Windows 2003 servers as the administrator. I guess something like who the user is and from where. Is there such a thing?

Thanks,
Sohail

--
Buz Dale
buz.dale () usg edu
IT Security Specialist
1-888-875-3697 (In GA) 1-706-583-2005
Office of Information and Instructional Technology
University System of Georgia
GMT -5:00
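A sketch of the "script that parses the syslog for administrator logins" idea discussed in this thread, added here as an example and not code from any of the posters. The `key=value` line layout, the field names, the sample lines and the `secadmin@example.com` address are all constructed assumptions; a real Windows-to-syslog agent will use its own format.

```python
import re
from email.message import EmailMessage

# Constructed sample lines. The key=value layout is an assumed format for
# Windows logon events relayed to syslog; real agents differ.
SAMPLE_LOG = """\
Apr 11 09:14:02 dc01 winlogon: event=logon result=success user=CORP\\Administrator src=10.0.4.17 workstation=HR-PC07
Apr 11 09:15:40 dc01 winlogon: event=logon result=success user=CORP\\jsmith src=10.0.4.22 workstation=ENG-PC02
Apr 11 09:20:11 fs02 winlogon: event=logon result=failure user=administrator src=10.0.9.5 workstation=LAB-PC01
Apr 11 09:21:00 fs02 winlogon: event=logoff user=CORP\\Administrator src=10.0.4.17
Apr 11 09:22:13 fs02 garbage line without fields
"""

WATCHED = {"administrator"}  # shared account names to alert on (lowercase)
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s\S+:\s(.*)$")

def parse_line(line):
    """Return a dict of fields for one syslog line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    fields.update(time=m.group(1), host=m.group(2))
    return fields

def admin_logons(log_text, watched=WATCHED):
    """Return logon events (successful or failed) for watched accounts."""
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("event") != "logon":
            continue
        # Drop an optional DOMAIN\ prefix and compare case-insensitively.
        account = f.get("user", "").rsplit("\\", 1)[-1].lower()
        if account in watched:
            hits.append(f)
    return hits

def build_alert(hit, to_addr="secadmin@example.com"):
    """Build (not send) a notification e-mail saying who logged in, from where."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = f"Admin logon {hit.get('result', '?')} on {hit['host']}"
    msg.set_content(f"{hit['time']}: {hit['user']} from {hit.get('src', 'unknown')} "
                    f"({hit.get('workstation', 'unknown')}) on {hit['host']}")
    return msg

if __name__ == "__main__":
    for h in admin_logons(SAMPLE_LOG):
        print(build_alert(h))
```

Run it on the syslog server itself, so the accounts being monitored cannot alter the records it reads.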