Hi all, we are trying to base some log analysis on Windows security event 538. Unfortunately, there seem to be some shortcomings with it. My co-worker Wajih has done a paper on that event and its shortcomings. We would appreciate any feedback on this paper. I have also posted a similar question to the respective Microsoft peer help newsgroup. The URL is: http://www.monitorware.com/Common/en/SecurityReference/Event-ID-538-Expl ained.asp This is a long URL which may be broken by the news client. It should end in ".asp". If it doesn't, please reassemble it before pasting to the web browser. Any help is appreciated. Of course, I will post a summary of any updates we (hopefully) receive ;) Thanks Rainer Gerhards _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Jun 18 2003 - 09:55:11 PDT