Many of the links in this paper are broken; the MSDN web site was changed without notification. I am working to get this corrected. Please also see Knowledge Base articles Q174074, Q299475 and Q301677 for more information on Windows' audit schema. Eric Fitzgerald Program Manager, Windows Auditing Microsoft Corporation -----Original Message----- From: Tina Bird [mailto:tbird@precision-guesswork.com] Sent: Friday, October 05, 2001 8:22 AM To: Log Analysis Mailing List Subject: [logs] Microsoft best practices - Windows auditing Just in case you haven't seen this: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bestprac/monito.asp This includes event IDs for each of the audit policy categories, and a lot of potentially useful information. I say potentially because I'm trying to test EventReporter on Win2000 and I can't even get the Win2k box to tell me I'm failing to log in...it's not an EventReporter issue, it's a tbird-win2k issue, but it's sent me screaming to TechNet. When did I become the local windows expert? tbird "I was being patient, but it took too long." - Buffy the Vampire Slayer LogAnalysis: http://kubarb.phsx.ukans.edu/~tbird/log-analysis.html VPN: http://kubarb.phsx.ukans.edu/~tbird/vpn.html --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 15:47:28 PDT