Re: [logs] Monitoring Windows Security Events

From: auto349979@private
Date: Thu Oct 02 2003 - 13:58:21 PDT

    Has anyone looked into preventing the modification (or just notification
    of possible unauthorized modifications) of Windows event logs?
    
    On Thu, 02 Oct 2003 06:01:51 -0700 Brian Anon <brian_anon@private>
    wrote:
    >I would appreciate hearing how others monitor events in their Windows
    >security event logs in a large distributed network.
    >
    >Specifically, I've got six Windows domains (totaling about 1500 servers
    >and 6-8 domain controllers in each domain).  I need to begin monitoring
    >security events on these domain controllers.
    >
    >Considering that each domain controller generates about 100+ MB a day
    >in the security event log, it's not really practical having someone
    >manually review this on a weekly basis.
    >
    >Any suggestions about what events to be looking for and acting on?
    >
    >I'm now thinking that an automated host-based IDS may be the best option
    >to monitor events in realtime.  Any recommendations?
    >
    >Should we only be considering centralizing these events first so that
    >they can be correlated?  Any suggestions?
    >
    >Brian
    >
    >_______________________________________________
    >LogAnalysis mailing list
    >LogAnalysis@private
    >http://lists.shmoo.com/mailman/listinfo/loganalysis



    This archive was generated by hypermail 2b30 : Thu Oct 02 2003 - 16:05:43 PDT