Yes, I have just visited both eventid.net and ultimatewindowssecurity.com to filter low-importance events from high, but now I want to set up some correlation criteria, e.g. one username tries 3 times to log on to one or more hosts and fails, and then the same username logs on to the same or another host. But my problem is only to know the main logs to monitor, e.g. the top 10 event IDs.

Thanks for your time and for Nagios,
amedeo

-----Original Message-----
From: James Turnbull [mailto:james@private]
Sent: Fri 17/03/2006 00.19
To: Salvati Amedeo
Cc: loganalysis@private
Subject: Re: [logs] Microsoft Event ID

Salvati Amedeo wrote:
> Hi all,
>
> I'm working with a commercial product that parses all events from domain controllers (I think there are 60), but now my problem is to correlate these (in real time) and search our db (for auditing and reports). My question is: does someone know or have a list of very important Event IDs for Microsoft Windows Security, in particular Windows 2003?
>
> thanks
> amedeo
>

Have a look at the following sites:

http://www.ultimatewindowssecurity.com/encyclopedia.html
http://www.eventid.net/

And obviously the Microsoft sites have a wealth of information.

Regards

James Turnbull

--
James Turnbull <james@private>
---
Author of Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)

Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
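
The correlation criterion described in the thread (three failed logons for one username on one or more hosts, followed by a successful logon by that username), sketched as an added example that is not part of the original messages or of any product mentioned. It assumes the Windows Server 2003 Security event IDs 529 (logon failure, bad user name or password) and 528/540 (successful logon), a 10-minute window, and constructed sample events.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Server 2003 Security log event IDs used by this sketch.
FAILED = {529}         # logon failure: unknown user name or bad password
SUCCESS = {528, 540}   # successful logon / successful network logon

def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Return alerts for a logon that follows >= threshold recent failures.

    events: time-ordered (timestamp, host, event_id, username) tuples.
    Failures are counted per username across all hosts.
    """
    failures = defaultdict(deque)  # username -> deque of (timestamp, host)
    alerts = []
    for ts, host, event_id, user in events:
        recent = failures[user.lower()]  # account names are case-insensitive
        while recent and ts - recent[0][0] > window:
            recent.popleft()             # expire failures outside the window
        if event_id in FAILED:
            recent.append((ts, host))
        elif event_id in SUCCESS:
            if len(recent) >= threshold:
                alerts.append({
                    "user": user.lower(),
                    "success_host": host,
                    "failed_hosts": sorted({h for _, h in recent}),
                    "failures": len(recent),
                })
            recent.clear()               # a success resets the count
    return alerts

def _t(hhmm):
    return datetime.strptime("2006-03-17 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample events (hosts and usernames are made up).
SAMPLE = [
    (_t("09:00"), "DC01", 529, "jsmith"),
    (_t("09:01"), "DC02", 529, "JSmith"),
    (_t("09:01"), "DC01", 529, "jsmith"),
    (_t("09:02"), "DC01", 529, "mrossi"),   # single typo, then success
    (_t("09:03"), "DC01", 528, "mrossi"),
    (_t("09:04"), "DC03", 540, "jsmith"),   # success after 3 failures: alert
    (_t("10:00"), "DC01", 529, "backup"),   # 3 failures spread over an hour
    (_t("10:30"), "DC01", 529, "backup"),
    (_t("11:00"), "DC01", 529, "backup"),
    (_t("11:01"), "DC01", 528, "backup"),   # only 1 failure in window: no alert
]
```

Because failures are keyed on the username alone, the rule catches attempts spread across several domain controllers, which a per-host counter would miss.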
This archive was generated by hypermail 2.1.3 : Thu Mar 16 2006 - 16:05:18 PST