One suggestion which comes to mind would be to make available a full accounting of all Windows/Microsoft-produced event IDs, their sources, what they mean, etc. I have found a nice document on the security log and security event IDs; however, it has been impossible to find this information for other event logs (Directory Services, File Replication, DNS, etc.). In particular, in the case of Active Directory, one is publicly unavailable.

---
Noah White
mailto://<nwhiteat_private>
SilverBack Technologies Inc.
http://www.silverbacktech.com

> -----Original Message-----
> From: Eric Fitzgerald [mailto:ericfat_private]
> Sent: Friday, January 17, 2003 3:00 PM
> To: H C; Rainer Gerhards; loganalysisat_private
> Cc: Tina Bird; Marcus J. Ranum; probertsat_private; Ben Laurie
> Subject: RE: [logs] RE: NT Event Log and Web Server Attacks
>
> > -----Original Message-----
> > From: H C [mailto:keydet89at_private]
> > Sent: Friday, January 17, 2003 11:27 AM
> > To: Rainer Gerhards; loganalysisat_private
> > Cc: Tina Bird; Marcus J. Ranum; probertsat_private; Ben Laurie; Eric Fitzgerald
> > Subject: RE: [logs] RE: NT Event Log and Web Server Attacks
> >
> > I just think that due to the obscurity of the
> > EventLog, particularly on NT and 2K platforms, this
> > can be a bit more trouble than it's worth.
>
> I would be very interested in hearing any suggestions on how to improve
> the ability to analyze the Windows security log. I've explained why some
> of the events seem to be "missing" information even though the
> information is really in the log, and Microsoft's strategy moving
> forward, but if you have other suggestions then I would be very open to
> hearing them.

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 09:31:14 PST