Security Basics mailing list archives
RE: TR : event viewer log How to get more information
From: "John Warnas/HintTech B.V." <john.warnas () hinttech com>
Date: Tue, 8 Apr 2003 09:43:51 +0200
Well all I can see in the last event that somebody tried to log in on this station. Have you checked the user rights on this station? Are there any guest accounts? Regards John Warnas --- HintTech B.V.; Kluyverweg 2a 2629 HT Delft; T +31(0)15-268 25 73 F +31(0)15-268 25 67; GSM +31(0)6-21 8584 34 --- -----Oorspronkelijk bericht----- Van: Héroux, Christian [mailto:Christian.Heroux () etsmtl ca] Verzonden: vrijdag 4 april 2003 19:15 Aan: security-basics () securityfocus com Onderwerp: TR : event viewer log How to get more information Hello all ! I hope you can help me ! There are many event log like these one on a user workstation windows XP. Someone logged into his station? Right? How can I get more info to troubleshoot? Nobody is allowed in this user station. We don`t have much info to find out what wrong. Is it a process, which PC...Do you have any tool that could log more detail. Christian H. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 2003-04-02 Time: 10:19:02 User: XXX\ffournXXX Computer: BISMARCK Description: Successful Network Logon: User Name: ffournXXX Domain: XXX Logon ID: (0x0,0x1BA8FD3) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: GPA_024824 Logon GUID: {00000000-0000-0000-0000-000000000000} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 2003-04-03 Time: 09:40:15 User: XXX\rmaraXXXX Computer: BISMARCK Description: Successful Network Logon: User Name: rmaranXXX Domain: XXX Logon ID: (0x0,0x586DD0) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: GPA_026195 Logon GUID: {00000000-0000-0000-0000-000000000000} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 2003-04-04 Time: 02:33:06 User: NT AUTHORITY\SYSTEM Computer: BISMARCK Description: Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: PERF-1 Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NWV1_0 Workstation Name: PERF-1 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics <b> ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ------------------------------------------------------------------- </b>
Current thread:
- TR : event viewer log How to get more information Héroux, Christian (Apr 07)
- RE: TR : event viewer log How to get more information John Warnas/HintTech B.V. (Apr 08)
- <Possible follow-ups>
- RE: TR : event viewer log How to get more information Maksoudian, Gary (Apr 07)
- RE: TR : event viewer log How to get more information Robinson, Sonja (Apr 07)
- RE: TR : event viewer log How to get more information Trevor Cushen (Apr 07)
- RE: TR : event viewer log How to get more information dave (Apr 08)
- RE: TR : event viewer log How to get more information DS (Apr 10)
- RE: TR : event viewer log How to get more information Rick Darsey (Apr 10)
- RE: TR : event viewer log How to get more information dave (Apr 08)
- Re: TR : event viewer log How to get more information H Carvey (Apr 07)