[logs] Microsoft best practices - Windows auditing

• Previous message: Sweth Chandramouli: "Re: [logs] www.sabernet.net"
• Next in thread: Eric Fitzgerald: "RE: [logs] Microsoft best practices - Windows auditing"
• Reply: Eric Fitzgerald: "RE: [logs] Microsoft best practices - Windows auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just in case you haven't seen this:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bestprac/monito.asp

This includes event IDs for each of the audit policy categories,
and a lot of potentially useful information.  I say potentially
because I'm trying to test EventReporter on Win2000 and I can't
even get the Win2k box to tell me I'm failing to log in...it's
not an EventReporter issue, it's a tbird-win2k issue, but it's
sent me screaming to TechNet.

When did I become the local windows expert?

tbird

"I was being patient, but it took too long." - 
                                Buffy the Vampire Slayer

LogAnalysis: http://kubarb.phsx.ukans.edu/~tbird/log-analysis.html
VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

• Next message: Tina Bird: "[logs] Auditing on Win2k Domain Controller"
• Previous message: Sweth Chandramouli: "Re: [logs] www.sabernet.net"
• Next in thread: Eric Fitzgerald: "RE: [logs] Microsoft best practices - Windows auditing"
• Reply: Eric Fitzgerald: "RE: [logs] Microsoft best practices - Windows auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 12:12:23 PDT