Event Log Management

Security Log Resource

This week has been a busy one for me.  I have had several web training sessions and 2 onsite training sessions with customers this week.  A question came up during one of the onsites this week and I thought I would share it.  The question was where did I get all my knowledge about the Windows Event Log and the various Event IDs.

The answer is a simple 2-part answer. Part 1 –> Repetition, repetition, repetition.  I have been analyzing event logs for more than 3 years now and before that I was a Sys Admin.  Looking at the events day in and day out, you tend to get them stuck in your head.  Part 2 –> Resources such as the information that I’ve learned from reading Randy F. Smith’s book and reviewing his course documentation and visiting his web site: www.ultimatewindowssecurity.com.  I have put a link to a new feature on Randy’s site, WinSecWiki, under my Blogrolls.  I also attend his webinars to get more info.  Randy has good insight into the Security log.  I have also had several conversations with Randy.

From time to time I will contribute to Randy’s Wiki; I will be posting under my first name on his site.

If anyone has any questions about Windows Events or the Windows Audit Policy feel free to ask.

January 17, 2008 Posted by ithompson | Audit Policy, Event Log, Log Management | No Comments Yet

Tracking Down Audit Policy Changes

Yesterday I held a webinar about how to track down changes to your Audit Policy.  I have had several requests for the recorded session link from the people who attended.  So I thought I would share the webinar with everyone else.  To view the webinar please visit: http://www.prismmicrosys.com/Support/trainingDetails.php?id=116&a=view.html

For a list of my other upcoming webinars you can visit: http://www.prismmicrosys.com/webinars.php#Log%20Management%20Secrets

They are listed under the Log Management Secrets section.  I will be conducting webinars each Tuesday at 1 pm Eastern Time on various topics relating to event log management and security.  Please feel free to join in the webinars.

January 17, 2008 Posted by ithompson | Audit Policy, Auditing, Event Log, Log Management | No Comments Yet