


Security Basics: RE: Analysing Windows Syslogs

RE: Analysing Windows Syslogs

From: Hayes, Ian <Ian.Hayes_at_wynnlasvegas.com>
Date: Tue, 1 Aug 2006 14:12:24 -0700

For Event IDs, go to http://www.eventid.net

Once things get tedious, go for something like Splunk and install a
syslog agent on your Windows boxes, such as Snare or NTSyslog. Splunk
makes it really easy to dig for events, and the Pro version has "live
splunks", which is basically defined queries run at a time interval.

Or go super cheap and use Swatch. Tell it to look for specific EventIDs,
such as our old friend, 644.

Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes_at_wynnlasvegas.com
 

> -----Original Message-----
> From: Pravin Jayakumar [mailto:pravinjay_at_gmail.com]
> Sent: Sunday, July 30, 2006 8:20 AM
> To: security-basics_at_securityfocus.com
> Subject: Analysing Windows Syslogs
>
> Hello List,
>
> Firstly, please excuse my bad English. Kindly let me know if there is
> any document available for analysing the Windows logs
> (Application, System and Security) with the given event ID?
>
> Is there any website which contains the info about all the event IDs?
>
> I couldn't find the info in http://go.microsoft.com/fwlink/
>
> Any help would be highly appreciated.
>
> Regards....
>
Received on Aug 02 2006
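
The Swatch-style watch for specific event IDs suggested in the reply, as an added example that is not part of the original post: it matches on the event ID field of agent-forwarded syslog records, because a bare "644" pattern also hits counters, offsets and unrelated lines. Event ID 644 is the account lockout event in the Security log of Windows 2000/2003-era systems. The tab-separated field layout, the sample lines and all function names are assumptions made for this example; check the layout your agent actually emits.

```python
import re
from collections import Counter

# Assumed record layout (not from the original post): syslog header ending in
# the agent tag "MSWinEventLog", then tab-separated fields in this order.
FIELDS = ("criticality", "log", "counter", "time", "event_id",
          "source", "user", "text")

# Constructed sample lines; hosts, users and counters are made up.
SAMPLE = [
    "Aug  1 14:02:11 dc01 MSWinEventLog\t1\tSecurity\t6440\tTue Aug 01 14:02:11 2006\t538\tSecurity\tjdoe\tUser Logoff",
    "Aug  1 14:03:40 dc01 MSWinEventLog\t1\tSecurity\t7001\tTue Aug 01 14:03:40 2006\t644\tSecurity\tSYSTEM\tUser Account Locked Out: Target Account Name: jdoe Caller Machine Name: WS12",
    "Aug  1 14:05:09 dc01 MSWinEventLog\t1\tSecurity\t7002\tTue Aug 01 14:05:09 2006\t529\tSecurity\tSYSTEM\tLogon Failure: Unknown user name or bad password",
    "Aug  1 14:05:58 dc02 MSWinEventLog\t1\tSecurity\t7003\tTue Aug 01 14:05:58 2006\t644\tSecurity\tSYSTEM\tUser Account Locked Out: Target Account Name: asmith Caller Machine Name: WS31",
    "Aug  1 14:07:30 app01 MSWinEventLog\t1\tApplication\t7004\tTue Aug 01 14:07:30 2006\t1000\tApplication Error\tN/A\tFaulting application app.exe, offset 00006440",
    "Aug  1 14:09:00 dc01 truncated record mentioning 644",
]

def parse(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.rstrip("\n").split("\t")
    header = parts[0].split()
    if (len(parts) != len(FIELDS) + 1 or len(header) != 5
            or header[4] != "MSWinEventLog" or not parts[5].isdigit()):
        return None
    rec = dict(zip(FIELDS, parts[1:]), host=header[3])
    rec["event_id"] = int(rec["event_id"])
    return rec

def watch(lines, event_ids=(644,), log="Security"):
    """Swatch-style filter keyed on the event ID field, not a substring."""
    recs = (parse(line) for line in lines)
    return [r for r in recs if r and r["log"] == log and r["event_id"] in event_ids]

def naive_hits(lines, needle="644"):
    """What a bare substring pattern would flag, for comparison."""
    return [line for line in lines if needle in line]

def lockouts_by_account(lines):
    """Count 644 records per (host, target account) from the message text."""
    hits = Counter()
    for r in watch(lines):
        m = re.search(r"Target Account Name: (\S+)", r["text"])
        hits[(r["host"], m.group(1) if m else "?")] += 1
    return hits

if __name__ == "__main__":
    print(len(naive_hits(SAMPLE)), "substring hits,", len(watch(SAMPLE)), "real")
    print(dict(lockouts_by_account(SAMPLE)))
```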