1556 a 09
    Presentation Transcript

    • Module 9: Monitoring Event Logs
    • Overview
        - Introduction to Monitoring Event Logs
        - Monitoring Security Events
        - Analyzing Security Events
        - Monitoring System and Application Events
        - Viewing Event Logs
        - Managing Event Logs
        - Best Practices
    • Introduction to Monitoring Event Logs
        [Diagram labels: Audit Policy, Failed Access, System or Application Event, User, Log, X, Administrative Action, Administrator]
    • Monitoring Security Events
        - The Security Log
        - Categories of Security Events
        - Auditing Object Access Events
    • The Security Log
        - Contains Information About:
            - Date and time the event occurred
            - Source of the event
            - Category of the event
            - User who generated the event
            - Successful or failed attempt
    • Categories of Security Events
        [Diagram labels: Account Logon, Object Access, Privilege Use, System Event]
    • Auditing Object Access Events
        - Audit Access to Files and Folders
        - Audit Access to Printers
        - Audit Access to Other Objects in Active Directory
        - Audit the Success or Failure of User Access Attempts
    • Analyzing Security Events
        - Analyzing Security Logs
        - Looking for Specific Security Events
    • Analyzing Security Logs
        - Interpret Security Events to Determine Their Meanings
        - Analyze Security Events to Identify Failed Attempts to Access Resources
        - Analyze Security Events to Identify Successful Attempts to Access Resources
        - Track Events Over Time to Detect Trends
        - Take Action to Resolve Security Problems
    • Looking for Specific Security Events
        - Logon Failure
        - Failure When Attempting to Read a File
        - Deletes or Attempts to Delete a Data File
        - Assigns or Attempts to Assign:
            - Take Ownership permission
            - Change Permissions permission
        - Restart, Shutdown, and System Audit on Network Servers
    • Monitoring System and Application Events
        - System and Application Logs
        - Types of System and Application Events
    • System and Application Logs
        - System Log Contains Events Logged by Windows 2003
        - Application Logs Contain Events Logged by Applications
        - System and Application Logs Contain:
            - Errors, warnings, and information
            - Date and time the event occurred
            - Source of the error
            - Category of event
            - User who generated the event
        [Diagram labels: Application, System]
    • Types of System and Application Events
        [Diagram labels: Information, Warning, Error]
    • Viewing Event Logs
        - Using Event Viewer to View Logs
        - Using Event Viewer to Locate Events
    • Using Event Viewer to View Logs
        - Use Event Viewer to View Detailed Event Information
        - Use Event Viewer to View Logs on a Remote Computer
        [Screenshot: eventvwr - [Event Viewer (Local)\Security Log]. The tree lists Application Log, Directory Log, DNS Server, File Replication Service, Security Log and System Log; the Action menu offers "Connect to another computer...", New, All Tasks and Help. The Security Log view has the columns Type, Date, Time, Source, Category, Event, User and shows three rows: Success Audit 6/11/98 11:36:21 AM Security Privilege Use 577 SYSTE; Failure Audit 6/11/98 11:32:55 AM Security Privilege Use 578 Adminis; Success Audit 6/11/98 11:03:49 AM Security Privilege Use 577 SYSTE]
    • Using Event Viewer to Locate Events
        [Screenshot: System Log Properties, Filter tab: View Events From "First Event 6/11/98 7:27:03 AM" To "Last Event 6/11/98 7:27:50 AM"; Types check boxes Information, Warning, Error, Success audit, Failure audit; Source (All), Category (All), Event ID, Computer, User and Description fields; OK, Cancel, Apply and Clear buttons. Beside it, the "Find in local System Log" dialog with the same Types check boxes, Source (All), Category (All), Event ID, Computer, User and Description fields, a search direction (Up/Down), and Find Next, Close, Clear and Help buttons]
    • Managing Event Logs
        - Limiting the Size of Event Log Files
        - Archiving Logs
        [Diagram labels: Save as..., 512 Kb]
    • Limiting the Size of Event Log Files
        - Choose a Strategy to Limit Log Size
        [Screenshot: Security Log Properties, General tab: Display name Security Log; Log name D:\NTIDS\System32\config\SecEvent.Evt; Size 64.0 KB (65,536 bytes); Created Thursday, June 11, 1998 7:26:56 AM; Modified Thursday, June 11, 1998 11:33:29 AM; Accessed Thursday, June 11, 1998 11:33:29 AM; Maximum log size 512 Kilobytes (64K increments); Event log wrapping options: Overwrite events as needed / Overwrite events older than 7 days / Do not overwrite events (clear log manually); Low speed connection check box; Default and Clear all Events buttons; OK, Cancel, Apply]
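The three wrapping options on the slide above behave very differently once the log fills, and the difference decides whether an audit trail keeps recording during a burst of activity. The Python model below is an added example, not course material: it replays a sequence of events against each setting and reports which events survive and how many are never written. The 8 KB per-event size, the hourly and daily spacing, and the rounding of the requested maximum up to the next 64 KB increment are assumptions of the model, not documented Event Viewer behaviour.

```python
"""Model Event Viewer's maximum-log-size and wrapping settings to see when events are lost."""
from datetime import datetime, timedelta

KB = 1024
INCREMENT = 64 * KB          # the dialog sizes the log in 64K increments

OVERWRITE_AS_NEEDED = "overwrite_as_needed"      # "Overwrite events as needed"
OVERWRITE_OLDER_THAN = "overwrite_older_than"    # "Overwrite events older than N days"
DO_NOT_OVERWRITE = "do_not_overwrite"            # "Do not overwrite events (clear log manually)"


def normalize_max_size(requested_bytes):
    """Round a requested maximum up to a whole 64 KB increment.

    Assumption of this model: round up, with a floor of one increment; the
    slide does not state the dialog's actual rounding rule.
    """
    increments = max(1, -(-requested_bytes // INCREMENT))
    return increments * INCREMENT


def log_bytes(log):
    """Bytes currently occupied by the retained events."""
    return sum(e["size"] for e in log)


def record(log, event, max_size, policy, retention_days=7):
    """Append one event, evicting or refusing according to the wrapping policy.

    Returns True when the event is kept and False when it is lost.
    """
    while log_bytes(log) + event["size"] > max_size:
        if not log:                      # the event alone exceeds the whole log
            return False
        oldest = log[0]
        if policy == OVERWRITE_AS_NEEDED:
            log.pop(0)                   # drop the oldest entry; recording never stops
        elif policy == OVERWRITE_OLDER_THAN:
            if event["when"] - oldest["when"] > timedelta(days=retention_days):
                log.pop(0)               # the oldest entry is past the retention window
            else:
                return False             # log full of recent events: the new one is lost
        elif policy == DO_NOT_OVERWRITE:
            return False                 # nothing is recorded until an administrator clears the log
        else:
            raise ValueError(f"unknown policy {policy!r}")
    log.append(event)
    return True


def simulate(policy, max_size, events, retention_days=7):
    """Feed events in order; return the retained log and the number of events lost."""
    log, lost = [], 0
    for event in events:
        if not record(log, event, max_size, policy, retention_days):
            lost += 1
    return log, lost


def make_events(count, size, spacing_hours, start=datetime(1998, 6, 11, 7, 26, 56)):
    """Constructed events of a fixed size at a fixed interval (size and spacing are assumptions)."""
    step = timedelta(hours=spacing_hours)
    return [{"id": i, "when": start + i * step, "size": size} for i in range(count)]


if __name__ == "__main__":
    burst = make_events(12, 8 * KB, 1)      # twelve events within one morning
    daily = make_events(12, 8 * KB, 24)     # the same twelve spread over twelve days
    limit = normalize_max_size(64 * KB)     # room for eight 8 KB events
    for policy in (OVERWRITE_AS_NEEDED, OVERWRITE_OLDER_THAN, DO_NOT_OVERWRITE):
        for name, events in (("burst", burst), ("daily", daily)):
            log, lost = simulate(policy, limit, events)
            print(f"{policy:22} {name:6} kept={[e['id'] for e in log]} lost={lost}")
```

With a 64 KB log and a burst of twelve 8 KB events in one morning, "Overwrite events as needed" keeps the newest eight and loses none at write time, while both "Overwrite events older than 7 days" and "Do not overwrite events" refuse the last four: the retention window protects entries that are hours old, so a busy morning silently stops the audit trail. Spread the same events over twelve days and the 7-day option behaves like overwrite-as-needed. That is why the best-practice slide pairs the overwrite choice with regular archiving.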
    • Archiving Logs
        - Archive Logs
        - View an Archived Log
        [Screenshot: Save Logs as dialog offering Log file format (.evt), Text file format (.txt), and Comma-delimited text file format (.csv)]
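The "Analyzing Security Logs" and "Looking for Specific Security Events" slides, the Filter and Find dialogs under "Using Event Viewer to Locate Events", and the comma-delimited archive format above all come together once a log has been saved as .csv. The Python script below is an added example, not part of the course: it reads such an export, applies the same criteria as the Filter tab (type, source, category, event ID, user, computer, date range, plus a Find-style description search), counts failed attempts per user, and buckets failures by hour so a trend stands out. The column layout (Type, Date, Time, Source, Category, Event, User, Computer, Description) and every row are constructed for the example; the 577/578 rows mirror the slide's screenshot, and the use of 529, 560 and 564 as the logon-failure, object-open and object-deleted event numbers is an assumption to check against your own system's event descriptions.

```python
"""Locate specific security events in a comma-delimited Event Viewer export."""
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export (assumption: one event per line with the columns
# Type, Date, Time, Source, Category, Event, User, Computer, Description).
# The two 577 rows and the 578 row mirror the slide; the rest are made up to
# show a short logon-failure burst followed by object access.
SAMPLE_CSV = """\
Type,Date,Time,Source,Category,Event,User,Computer,Description
Success Audit,6/11/98,11:03:49 AM,Security,Privilege Use,577,SYSTEM,SERVER1,Privileged Service Called
Failure Audit,6/11/98,11:32:55 AM,Security,Privilege Use,578,Administrator,SERVER1,Privileged object operation
Success Audit,6/11/98,11:36:21 AM,Security,Privilege Use,577,SYSTEM,SERVER1,Privileged Service Called
Failure Audit,6/11/98,11:40:02 AM,Security,Logon/Logoff,529,jsmith,SERVER1,Logon Failure: Unknown user name or bad password
Failure Audit,6/11/98,11:40:09 AM,Security,Logon/Logoff,529,jsmith,SERVER1,Logon Failure: Unknown user name or bad password
Failure Audit,6/11/98,11:40:15 AM,Security,Logon/Logoff,529,jsmith,SERVER1,Logon Failure: Unknown user name or bad password
Failure Audit,6/11/98,12:05:33 PM,Security,Object Access,560,jsmith,SERVER1,Object Open: D:\\Payroll\\salaries.xls
Success Audit,6/11/98,12:10:41 PM,Security,Object Access,564,Administrator,SERVER1,Object Deleted: D:\\Payroll\\old.xls
"""


def parse_export(text):
    """Read the export and attach a datetime built from the Date and Time columns."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["When"] = datetime.strptime(row["Date"] + " " + row["Time"],
                                        "%m/%d/%y %I:%M:%S %p")
        row["Event"] = int(row["Event"])
        rows.append(row)
    return rows


def filter_events(rows, types=None, source=None, category=None, event_id=None,
                  user=None, computer=None, description=None, start=None, end=None):
    """Apply the criteria of Event Viewer's Filter tab; None stands for "(All)".

    Description is matched as a case-insensitive substring, like the Find dialog.
    """
    selected = []
    for r in rows:
        if types is not None and r["Type"] not in types:
            continue
        if source is not None and r["Source"] != source:
            continue
        if category is not None and r["Category"] != category:
            continue
        if event_id is not None and r["Event"] != event_id:
            continue
        if user is not None and r["User"].lower() != user.lower():
            continue
        if computer is not None and r["Computer"].lower() != computer.lower():
            continue
        if description is not None and description.lower() not in r["Description"].lower():
            continue
        if start is not None and r["When"] < start:
            continue
        if end is not None and r["When"] > end:
            continue
        selected.append(r)
    return selected


def failures_by_user(rows):
    """Count Failure Audit entries per user: the "failed attempts to access resources" check."""
    return Counter(r["User"] for r in rows if r["Type"] == "Failure Audit")


def failures_per_hour(rows):
    """Bucket failures by hour so that a trend over time stands out."""
    return Counter(r["When"].strftime("%Y-%m-%d %H:00")
                   for r in rows if r["Type"] == "Failure Audit")


def repeated_failures(rows, threshold):
    """Users whose failure count reaches the threshold: a trigger for review, not a verdict."""
    return {u: n for u, n in failures_by_user(rows).items() if n >= threshold}


if __name__ == "__main__":
    events = parse_export(SAMPLE_CSV)
    for r in filter_events(events, types={"Failure Audit"}, category="Logon/Logoff"):
        print(r["When"], r["Event"], r["User"], r["Description"])
    print("failures per user:", dict(failures_by_user(events)))
    print("failures per hour:", dict(failures_per_hour(events)))
    print("review:", repeated_failures(events, threshold=3))
```

Run against a real .csv archive, the per-hour buckets are what turn the "track events over time" slide into something actionable: a user with three failures spread over a month is noise, the same three inside a minute is the pattern the Logon Failure bullet is asking you to look for.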
    • Best Practices
        - Set Up a Schedule and Review Event Logs Regularly
        - Archive Event Logs Regularly to Track Trends
        - Review Security Logs for Significant Events
        - Select an Appropriate Option to Overwrite Old Log Events
    • Review
        - Introduction to Monitoring Event Logs
        - Monitoring Security Events
        - Analyzing Security Events
        - Monitoring System and Application Events
        - Viewing Event Logs
        - Managing Event Logs
        - Best Practices