Security Basics mailing list archives
RE: TR : event viewer log How to get more information
From: "dave" <dave () netmedic net>
Date: Mon, 7 Apr 2003 21:10:29 -0400
Hey, Logon Type: 3 = Successful Network Logon. This event indicates that a remote user has successfully connected from the network to a local resource. I believe type 7 is for local logon. http://www.eventlogscan.com/ will scan your eventlog and give you a report. And http://eventid.net will give you detailed info of every event and variations of it. _____________________ Dave Kleiman dave () netmedic net www.netmedic.net -----Original Message----- From: "Héroux, Christian" [mailto:Christian.Heroux () etsmtl ca] Sent: 04 April 2003 18:15 To: security-basics () securityfocus com Subject: TR : event viewer log How to get more information Hello all ! I hope you can help me ! There are many event log like these one on a user workstation windows XP. Someone logged into his station? Right? How can I get more info to troubleshoot? Nobody is allowed in this user station. We don`t have much info to find out what wrong. Is it a process, which PC...Do you have any tool that could log more detail. Christian H. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 2003-04-03 Time: 09:40:15 User: XXX\rmaraXXXX Computer: BISMARCK Description: Successful Network Logon: User Name: rmaranXXX Domain: XXX Logon ID: (0x0,0x586DD0) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: GPA_026195 Logon GUID: {00000000-0000-0000-0000-000000000000} For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 2003-04-04 Time: 02:33:06 User: NT AUTHORITY\SYSTEM Computer: BISMARCK Description: Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: PERF-1 Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NWV1_0 Workstation Name: PERF-1 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. <b> ------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ------------------------------------------------------------------- </b>
Current thread:
- TR : event viewer log How to get more information Héroux, Christian (Apr 07)
- RE: TR : event viewer log How to get more information John Warnas/HintTech B.V. (Apr 08)
- <Possible follow-ups>
- RE: TR : event viewer log How to get more information Maksoudian, Gary (Apr 07)
- RE: TR : event viewer log How to get more information Robinson, Sonja (Apr 07)
- RE: TR : event viewer log How to get more information Trevor Cushen (Apr 07)
- RE: TR : event viewer log How to get more information dave (Apr 08)
- RE: TR : event viewer log How to get more information DS (Apr 10)
- RE: TR : event viewer log How to get more information Rick Darsey (Apr 10)
- RE: TR : event viewer log How to get more information dave (Apr 08)
- Re: TR : event viewer log How to get more information H Carvey (Apr 07)