Security Basics mailing list archives

Re: What does this mean??? Event Log Scan


From: Birl <sbirl () temple edu>
Date: Thu, 31 Jul 2003 14:00:12 -0400 (EDT)

As it was written on Jul 31, thus Chance Orr spake unto security-basics@sec...:

Chance:  Date: 31 Jul 2003 04:41:15 -0000
Chance:  From: Chance Orr <karismau () yahoo com>
Chance:  To: security-basics () securityfocus com
Chance:  Subject: What does this mean??? Event Log Scan
Chance:
Chance:
Chance:
Chance:  07/30/2003  23:49:02  612 Audit Policy Change Success audit Critical Security SYSTEM xxxxxxxxxx
Chance:  07/30/2003  23:49:02  540 Successful Network Logon Success audit Critical Security ANONYMOUS LOGON xxxxxxxxxx
Chance:  07/30/2003  23:49:24  680 Account Used for Logon Failure audit Critical Security SYSTEM xxxxxxxxxx
Chance:  07/30/2003  23:49:24  529 LF: Bad user name/password Failure audit Critical Security SYSTEM xxxxxxxxxx
Chance:  07/30/2003  23:49:33  680 Account Used for Logon Success audit Critical Security SYSTEM xxxxxxxxxx
Chance:
Chance:  This appears in my event log every time I start my pc. I am using a
Chance:  firewall & XP-Home
Chance:
Chance:  thanx


(disabled wrapping your message.  You should try not to word-wrap logs.)

A code of 612 means that someone (in this case the SYSTEM account) was
successful in changing a Policy.

A code of 680 means that someone (not the SYSTEM account) tried to log
onto the computer but failed.
From my experience, there's insufficient data in this log entry to
determine what method the SYSTEM account was using to log into the
computer (Interactive, Network, Batch job, etc).

A code of 529 means that someone (not the SYSTEM account) tried to log
onto the computer but the wrong password was used.


For additional information, search http://support.microsoft.com/ for
"Security Event Description"



Thanks

 Scott Birl                              http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
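
An added example, not part of the original message or of any tool mentioned in it: a parser for the log lines quoted above that separates the fields, lists the Failure audit entries, and groups events into bursts by timestamp so the entries from one start-up can be compared with the next. The field names `severity` and `log` for the "Critical" and "Security" columns and the MM/DD/YYYY date order are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# The five log lines quoted in the message (computer name already masked there).
SAMPLE = """\
07/30/2003  23:49:02  612 Audit Policy Change Success audit Critical Security SYSTEM xxxxxxxxxx
07/30/2003  23:49:02  540 Successful Network Logon Success audit Critical Security ANONYMOUS LOGON xxxxxxxxxx
07/30/2003  23:49:24  680 Account Used for Logon Failure audit Critical Security SYSTEM xxxxxxxxxx
07/30/2003  23:49:24  529 LF: Bad user name/password Failure audit Critical Security SYSTEM xxxxxxxxxx
07/30/2003  23:49:33  680 Account Used for Logon Success audit Critical Security SYSTEM xxxxxxxxxx
"""
# Description and account can contain spaces, so both are matched lazily and
# anchored on the fixed "Success audit" / "Failure audit" marker and the last token.
LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<event_id>\d+)\s+(?P<description>.+?)\s+"
    r"(?P<result>Success|Failure) audit\s+"
    r"(?P<severity>\S+)\s+(?P<log>\S+)\s+"  # assumed column names
    r"(?P<account>.+?)\s+(?P<computer>\S+)$"
)

@dataclass
class Event:
    when: datetime
    event_id: int
    description: str
    result: str   # "Success" or "Failure"
    account: str

def parse(text):
    """Return an Event for every line that matches; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when = datetime.strptime(" ".join(m["ts"].split()), "%m/%d/%Y %H:%M:%S")
            events.append(Event(when, int(m["event_id"]), m["description"], m["result"], m["account"]))
    return events

def failures(events):
    return [e for e in events if e.result == "Failure"]

def bursts(events, gap_seconds=60):
    """Group events whose timestamps are at most gap_seconds apart."""
    groups = []
    for e in sorted(events, key=lambda e: e.when):
        if groups and (e.when - groups[-1][-1].when).total_seconds() <= gap_seconds:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups
```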
