Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Audit package
From: "Jensen, Greg" <Greg_Jensen () NAI COM>
Date: Thu, 28 Sep 2000 09:39:14 -0700

That is the basis of the PGP CyberCop Monitor. It is an end-node agent that
uses local NT audit logs or C2 auditing in Solaris to monitor user
activities. In addition of the host-based IDS, it also is a full blown
NW-based IDS in the same agent.


-----Original Message-----
From: Michael Graham [mailto:graham_michael () HOTMAIL COM]
Sent: Wednesday, September 27, 2000 6:04 AM
Subject: [PEN-TEST] Audit package

I hope this is the right sort of question.

Does anyone know of a package/application that uses the info created in the
Audit log of say NT or UNIX and enables administrators to drill down and get
info about users' movements like if someone is accessing loads of sensitive
files/directories on a given day etc.

The reason I ask is this, the Audit log doles out loads of info however I
want to be able to interrogate it and apply particular search routines to
it, to get that salient info only.



Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]