Event Log Managment

Logs .. Logs and More Logs

About

My name is Isaac Thompson.  I have worked in the IT field since the early 90’s, with over 11 years as a System Admin and then some in Management.  Since 2004 I have been working with log and event management, helping other Admins figure out exactly what all these logs mean.   From 2004 to Jan of 2011 I worked for Prism Microsystems, working with EventTracker.  After leaving Prism in Jan of 2011 I joined the team at LogRhythm.  LogRhythm is doing things with log and event management that other vendors are struggling with (www.logrhythm.com).    I have helped 100’s of people with their event logs and audit policies. If you have any questions please feel free to leave a comment.

**Feb 14, 2011; Do to some unforseen issues at Prism Microsystems I can no longer in good faith promote their product or services and I have removed all links to their website.

Advertisements

3 Comments »

  1. I´ve readed your post EVENT LOG MANAGEMENT, but next step I´ve problems because I can´t see the description field (in your example ’60’)

    3. Now do another Log Analysis and look for event id 560 and in the description field use the Handle ID value, which will produce the following…

    Can you help me?

    Thanks

    Comment by María | June 24, 2008 | Reply

  2. Sorry, the name post is Tracking Down File Deletes

    Comment by María | June 24, 2008 | Reply

  3. Maria,

    In my example I’m using a product called EventTracker to view the events and not the Windows Event Viewer. That may be what is causing your problem.

    Isaac

    Comment by ithompson | June 30, 2008 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: