Re: [logs] Monitoring Windows Security Events

• Previous message: Anton A. Chuvakin: "[logs] checking logs for time holes"
• In reply to: Harlan Carvey: "Re: [logs] Monitoring Windows Security Events"
• Next in thread: Eric Fitzgerald: "RE: [logs] Monitoring Windows Security Events"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2003-10-06 at 21:44, Harlan Carvey wrote:
> Rather than "hoping", one might use a syslog agent
> that sends out the newly created Event Log entries as
> they are created.  Many of the agents do use "short
> intervals", but as you say, if someone gains access
> the first thing they might do is delete the logs.  If

The log forwarding agent should support a mode where it detects log
deletion. There are solutions doing this.

Rainer

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Oddbjorn Steffensen: "Re: [logs] checking logs for time holes"
• Previous message: Anton A. Chuvakin: "[logs] checking logs for time holes"
• In reply to: Harlan Carvey: "Re: [logs] Monitoring Windows Security Events"
• Next in thread: Eric Fitzgerald: "RE: [logs] Monitoring Windows Security Events"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 07 2003 - 09:16:36 PDT