1556 a 09
Transcript

  • 1. Module 9: Monitoring Event Logs
  • 2. Overview
    - Introduction to Monitoring Event Logs
    - Monitoring Security Events
    - Analyzing Security Events
    - Monitoring System and Application Events
    - Viewing Event Logs
    - Managing Event Logs
    - Best Practices
  • 3. Introduction to Monitoring Event Logs
    (Diagram; labels recovered from the slide: Audit Policy, Failed Access, System or Application Event, User, Log, Administrative Action, Administrator. Audited events are written to the event log, which the administrator reviews before taking administrative action.)
  • 4. Monitoring Security Events
    - The Security Log
    - Categories of Security Events
    - Auditing Object Access Events
  • 5. The Security Log contains information about:
    - Date and time the event occurred
    - Source of the event
    - Category of the event
    - User who generated the event
    - Whether the attempt succeeded or failed
  • 6. Categories of Security Events
    - Account Logon
    - Object Access
    - Privilege Use
    - System Event
  • 7. Auditing Object Access Events
    - Audit access to files and folders
    - Audit access to printers
    - Audit access to other objects in Active Directory
    - Audit the success or failure of user access attempts
  • 8. Analyzing Security Events
    - Analyzing Security Logs
    - Looking for Specific Security Events
  • 9. Analyzing Security Logs
    - Interpret security events to determine their meaning
    - Analyze security events to identify failed attempts to access resources
    - Analyze security events to identify successful attempts to access resources
    - Track events over time to detect trends
    - Take action to resolve security problems
  • 10. Looking for Specific Security Events
    - Logon failure
    - Failure when attempting to read a file
    - Deletion, or attempted deletion, of a data file
    - Assignment, or attempted assignment, of the Take Ownership permission or the Change Permissions permission
    - Restart, shutdown, and system audit events on network servers
  • 11. Monitoring System and Application Events
    - System and Application Logs
    - Types of System and Application Events
  • 12. System and Application Logs
    - The System log contains events logged by Windows 2003
    - Application logs contain events logged by applications
    - System and application logs contain:
      - Errors, warnings, and information
      - Date and time the event occurred
      - Source of the error
      - Category of the event
      - User who generated the event
  • 13. Types of System and Application Events
    - Information
    - Warning
    - Error
  • 14. Viewing Event Logs
    - Using Event Viewer to View Logs
    - Using Event Viewer to Locate Events
  • 15. Using Event Viewer to View Logs
    - Use Event Viewer to view detailed event information
    - Use Event Viewer to view logs on a remote computer
    (Screenshot of Event Viewer (Local) with the Application, Directory, DNS Server, File Replication Service, Security and System logs listed; the Security Log view shows the columns Type, Date, Time, Source, Category, Event, User. Visible rows: Success Audit, 6/11/98 11:36:21 AM, Security, Privilege Use, 577, SYSTE (truncated); Failure Audit, 6/11/98 11:32:55 AM, Security, Privilege Use, 578, Adminis (truncated); Success Audit, 6/11/98 11:03:49 AM, Security, Privilege Use, 577, SYSTE (truncated). The Action menu offers "Connect to another computer…", New, All Tasks and Help.)
  • 16. Using Event Viewer to Locate Events
    (Screenshot of the System Log Properties Filter tab and the Find dialog. The Filter tab selects event types (Information, Warning, Error, Success audit, Failure audit), Source, Category, Event ID, User, Computer and a From/To range; First Event 6/11/98 7:27:03 AM, Last Event 6/11/98 7:27:50 AM. The Find dialog searches the same fields plus Description, with Up/Down direction and Find Next.)
  • 17. Managing Event Logs
    - Limiting the Size of Event Log Files
    - Archiving Logs
    (Figure labels: "Save as...", "512 Kb")
  • 18. Limiting the Size of Event Log Files
    (Screenshot of Security Log Properties, General tab: Display name Security Log; Log name D:\NTIDS\System32\config\SecEvent.Evt; Size 64.0 KB (65,536 bytes); Created Thursday, June 11, 1998 7:26:56 AM; Modified and Accessed Thursday, June 11, 1998 11:33:29 AM; Maximum log size 512 Kilobytes (64K increments). Event log wrapping options: Overwrite events as needed; Overwrite events older than 7 days; Do not overwrite events (clear log manually). Also: Low speed connection, Default, Clear all Events. Slide caption: choose a strategy to limit log size.)
  • 19. Archiving Logs
    - Archive logs
    - View an archived log
    - Save logs as: log file format (.evt), text file format (.txt), or comma-delimited text file format (.csv)
  • 20. Best Practices
    - Set up a schedule and review event logs regularly
    - Archive event logs regularly to track trends
    - Review security logs for significant events
    - Select an appropriate option for overwriting old log events
  • 21. Review
    - Introduction to Monitoring Event Logs
    - Monitoring Security Events
    - Analyzing Security Events
    - Monitoring System and Application Events
    - Viewing Event Logs
    - Managing Event Logs
    - Best Practices
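The slides describe the analysis steps (slides 9 and 10: identify failed and successful access attempts, track trends over time, look for clustered logon failures), the Filter criteria of slide 16 (type, source, category, event ID, user, computer, date range) and the comma-delimited archive format of slide 19. The following Python script is an added example, not part of the original module or of Event Viewer, that performs those steps over an archived .csv export. The export text, the server name, the user names and the rows other than the two 577/578 entries from slide 15 are constructed sample data; events are classified by Type and Category rather than by event ID, since the slides list categories but only those two IDs.

```python
"""Analyze a Security log archived in comma-delimited (.csv) format.

Added example: parses an Event Viewer style export, applies Filter-tab
criteria, and reports failed access attempts, logon-failure bursts and a
per-day trend. Everything below is constructed for illustration.
"""
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Columns follow the Event Viewer columns shown on
# slide 15; the two Privilege Use rows (577/578) come from the slide, the other
# rows, the user names and the computer name SERVER1 are made up here.
SAMPLE_EXPORT = """\
Type,Date,Time,Source,Category,Event,User,Computer
Success Audit,6/11/98,11:03:49 AM,Security,Privilege Use,577,SYSTEM,SERVER1
Failure Audit,6/11/98,11:30:12 AM,Security,Account Logon,529,jdoe,SERVER1
Failure Audit,6/11/98,11:30:19 AM,Security,Account Logon,529,jdoe,SERVER1
Failure Audit,6/11/98,11:30:25 AM,Security,Account Logon,529,jdoe,SERVER1
Failure Audit,6/11/98,11:30:31 AM,Security,Account Logon,529,jdoe,SERVER1
Failure Audit,6/11/98,11:32:55 AM,Security,Privilege Use,578,Administrator,SERVER1
Failure Audit,6/11/98,11:35:40 AM,Security,Object Access,560,asmith,SERVER1
Success Audit,6/11/98,11:36:21 AM,Security,Privilege Use,577,SYSTEM,SERVER1
Success Audit,6/11/98,11:40:02 AM,Security,Object Access,564,asmith,SERVER1
Failure Audit,6/12/98,09:15:00 AM,Security,Account Logon,529,bwong,SERVER1
"""


def parse_export(text):
    """Parse the export into dicts, combining Date and Time into one timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        stamp = datetime.strptime(f"{row['Date']} {row['Time']}", "%m/%d/%y %I:%M:%S %p")
        events.append({
            "time": stamp,
            "type": row["Type"],
            "source": row["Source"],
            "category": row["Category"],
            "event_id": int(row["Event"]),
            "user": row["User"],
            "computer": row["Computer"],
        })
    return sorted(events, key=lambda e: e["time"])


def filter_events(events, **criteria):
    """Apply Filter-tab style criteria: any of type, source, category, event_id,
    user, computer (exact match) plus an optional start/end time range."""
    start = criteria.pop("start", None)
    end = criteria.pop("end", None)
    matched = []
    for e in events:
        if start is not None and e["time"] < start:
            continue
        if end is not None and e["time"] > end:
            continue
        if any(e[key] != value for key, value in criteria.items()):
            continue
        matched.append(e)
    return matched


def failed_access_by_user(events):
    """Count Failure Audit entries per (user, category): the failed-attempts review of slide 9."""
    counts = Counter()
    for e in filter_events(events, type="Failure Audit"):
        counts[(e["user"], e["category"])] += 1
    return counts


def logon_failure_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return users with at least `threshold` Account Logon failures inside `window`.

    A cluster of logon failures is the first item slide 10 says to look for;
    the result maps user -> (first, last) timestamp of the cluster found.
    """
    by_user = defaultdict(list)
    for e in filter_events(events, type="Failure Audit", category="Account Logon"):
        by_user[e["user"]].append(e["time"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[user] = (times[i], times[i + threshold - 1])
                break
    return flagged


def daily_failure_trend(events):
    """Failure Audit count per calendar day (ISO date string), the trend step of slide 9."""
    trend = Counter(e["time"].date().isoformat()
                    for e in filter_events(events, type="Failure Audit"))
    return dict(sorted(trend.items()))


if __name__ == "__main__":
    evts = parse_export(SAMPLE_EXPORT)
    print("Failed attempts by user and category:", dict(failed_access_by_user(evts)))
    print("Logon-failure bursts:", logon_failure_bursts(evts))
    print("Failures per day:", daily_failure_trend(evts))
```

Running the script on the sample flags jdoe for four logon failures inside one minute, shows one Privilege Use failure for Administrator and one Object Access failure for asmith, and gives six failures on 6/11/98 against one on 6/12/98. The same functions apply unchanged to a real .csv archive saved from Event Viewer, which is why archiving regularly (slide 20) matters: trend analysis needs the events that a small, wrapping log would already have overwritten.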