Re: [logs] Monitoring Windows Security Events

From: Rainer Gerhards (rgerhards@private)
Date: Tue Oct 07 2003 - 00:52:48 PDT


    On Mon, 2003-10-06 at 21:44, Harlan Carvey wrote:
    > Rather than "hoping", one might use a syslog agent
    > that sends out the newly created Event Log entries as
    > they are created.  Many of the agents do use "short
    > intervals", but as you say, if someone gains access
    > the first thing they might do is delete the logs.  If
    
    The log forwarding agent should support a mode where it detects log
    deletion. There are solutions doing this.
    
    Rainer
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
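
One way a forwarding agent could detect log deletion, as an added example that is not from the original message or from any product it alludes to. It assumes record numbers increase by one per entry and that the agent remembers the highest number it has forwarded; `Poll`, `Forwarder`, `run` and the sample data are constructed for illustration.

```python
from dataclasses import dataclass, field

# Security-log event "The audit log was cleared" on Windows NT/2000/XP/2003.
AUDIT_LOG_CLEARED = 517

@dataclass
class Poll:
    """One constructed snapshot of a log: record number -> event ID."""
    events: dict

    @property
    def oldest(self):
        return min(self.events, default=0)

    @property
    def newest(self):
        return max(self.events, default=0)

@dataclass
class Forwarder:
    last_forwarded: int = 0                    # highest record number already sent
    sent: list = field(default_factory=list)   # stands in for the syslog output

    def process(self, poll):
        alerts = []
        if poll.newest < self.last_forwarded:
            # Numbering went backwards: the log was cleared or replaced.
            alerts.append(("LOG_RESET", self.last_forwarded, poll.newest))
            self.last_forwarded = 0
        elif poll.events and poll.oldest > self.last_forwarded + 1:
            # Records vanished before they were read (deleted or overwritten).
            alerts.append(("GAP", self.last_forwarded + 1, poll.oldest - 1))
        for rec in sorted(r for r in poll.events if r > self.last_forwarded):
            if poll.events[rec] == AUDIT_LOG_CLEARED:
                alerts.append(("CLEAR_EVENT", rec, rec))
            self.sent.append((rec, poll.events[rec]))
        self.last_forwarded = max(self.last_forwarded, poll.newest)
        return alerts

def run(polls):
    """Feed successive polls to one agent; return per-poll alerts and what was sent."""
    fwd = Forwarder()
    return [fwd.process(p) for p in polls], fwd.sent

# Constructed sample: normal growth, a clear, then records lost between polls.
SAMPLE = [
    Poll({n: 528 for n in range(1, 6)}),
    Poll({n: 528 for n in range(1, 9)}),
    Poll({1: 517, 2: 528}),
    Poll({n: 528 for n in range(40, 46)}),
]
```

The `GAP` case is the reason the polling interval matters: anything removed between two polls is never forwarded, so the agent can only report the range of record numbers that went missing.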
    


