Event Log Management

Logs .. Logs and More Logs

Inside and Outside Hack Attempts

Over the last several years I have conducted quite a few webinars with Randy F. Smith on a variety of topics that relate to Windows Audit Policies and Log Management.  Two of these truly drive home the point about why you need to be looking at your logs (not just Windows but all sources; *NIX and Network Devices as well).  The first of these, conducted on Jan 20, 2009, was entitled “Anatomy of a Hack: Tracking an Intruder with Security Logs”, and the most recent, on Feb 4, 2010, was entitled “Insider Gone Bad: Tracking Their Steps and Building Your Case with the Security Log”.


March 3, 2010 | Audit Policy, Auditing, Event Log, Hacking, Log Management

Security Log Resource

This week has been a busy one for me.  I have had several web training sessions and 2 onsite training sessions with customers this week.  A question came up during one of the onsites this week and I thought I would share it.  The question was where did I get all my knowledge about the Windows Event Log and the various Event IDs.

The answer is a simple 2-part answer. Part 1 –> Repetition, repetition, repetition.  I have been analyzing event logs for more than 3 years now and before that I was a Sys Admin.  Looking at the events day in and day out, you tend to get them stuck in your head.  Part 2 –> Resources such as the information that I’ve learned from reading Randy F. Smith’s book and reviewing his course documentation and visiting his web site: www.ultimatewindowssecurity.com.  I have put a link to a new feature on Randy’s site, WinSecWiki, under my Blogrolls.  I also attend his webinars to get more info.  Randy has good insight into the Security log.  I have also had several conversations with Randy.

From time to time I will contribute to Randy’s Wiki; I will be posting under my first name on his site.

If anyone has any questions about Windows Events or the Windows Audit Policy feel free to ask.

January 17, 2008 | Audit Policy, Event Log, Log Management

Tracking Down Audit Policy Changes

Yesterday I held a webinar about how to track down changes to your Audit Policy.  I have had several requests for the recorded session link from the people who attended.  So I thought I would share the webinar with everyone else.  To view the webinar please visit:

**Feb 14, 2011; Due to some unforeseen issues at Prism I can no longer in good faith promote their product or services and I have removed all links to their website.

January 17, 2008 | Audit Policy, Auditing, Event Log, Log Management