9th December 2009, 10:15 AM #1
Manage Windows Security Event Logs
Currently we review event logs each day if we get time; this basically involves running a search for bad logon attempts against the admin accounts and looking for repeated (hundreds of) attempts against other accounts to look for virus-like activity. We then archive the logs in case we need to return to them.
How do you all manage your security event logs?
Anyone using third party software to analyse logs and flag certain conditions?
10th December 2009, 12:17 PM #2
We don't do this, but we do something similar from time to time. For that we simply use Microsoft's Log Parser tool (Download details: Log Parser 2.2). This allows you to run SQL-like queries against the event logs, which may speed up your processing.
Hope that helps
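The daily review described in post #1 (bad logon attempts against admin accounts, plus any account with hundreds of failures) is the kind of aggregation a Log Parser SQL query would do; the script below is an added example, not code from either poster or from Log Parser, that performs the same check in Python over a CSV export of Security-log fields. The sample records, the column names, the account names and the IP addresses are all constructed for this example. Event ID 529 is the failed-logon event on Windows 2000/2003 and 4625 on Vista/2008 and later; the threshold of 100 is an assumed value standing in for the "hundreds" in the post.

```python
import csv
import io
from collections import Counter, defaultdict

# Failed-logon event IDs: 529 on Windows 2000/2003, 4625 on Vista/2008 and later.
FAILED_LOGON_IDS = {529, 4625}


def build_sample_export():
    """Construct a CSV export of Security-log records for this example (not real data).
    The columns are assumed to mirror what an Event Viewer or Log Parser export carries."""
    rows = [
        "TimeGenerated,EventID,TargetUserName,WorkstationName,IpAddress",
        "2009-12-09 08:01:12,4625,Administrator,LAB-PC07,10.0.5.17",
        "2009-12-09 08:01:15,4625,Administrator,LAB-PC07,10.0.5.17",
        "2009-12-09 08:02:03,4624,jsmith,STAFF-03,10.0.1.40",   # successful logon, ignored
        "2009-12-09 08:05:44,529,backupadmin,SRV-FILE01,10.0.0.9",
        "2009-12-09 08:06:10,4625,jsmith,STAFF-03,10.0.1.40",   # one typo, below threshold
    ]
    # A worm-like burst: 150 failures against one service account from one host.
    for i in range(150):
        rows.append(
            f"2009-12-09 08:{10 + i // 60:02d}:{i % 60:02d},4625,svc_print,LAB-PC12,10.0.5.22"
        )
    return "\n".join(rows) + "\n"


def failed_logons(csv_text):
    """Yield (account, source IP) for every failed-logon record in the export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    for row in reader:
        if int(row["EventID"]) in FAILED_LOGON_IDS:
            # Account names are case-insensitive on Windows, so normalise before counting.
            yield row["TargetUserName"].lower(), row["IpAddress"]


def review_failed_logons(csv_text, admin_accounts, repeat_threshold=100):
    """Return failures against admin accounts, accounts over the repeat threshold,
    and the busiest source host for each account that had any failure."""
    per_account = Counter()
    sources = defaultdict(Counter)
    for account, source in failed_logons(csv_text):
        per_account[account] += 1
        sources[account][source] += 1
    admins = {a.lower() for a in admin_accounts}
    return {
        "admin_attempts": {a: n for a, n in per_account.items() if a in admins},
        "repeated": {a: n for a, n in per_account.items() if n >= repeat_threshold},
        "top_source": {a: c.most_common(1)[0] for a, c in sources.items()},
    }


if __name__ == "__main__":
    report = review_failed_logons(build_sample_export(), ["Administrator", "backupadmin"])
    for label in ("admin_attempts", "repeated"):
        print(label)
        for account, count in sorted(report[label].items()):
            source, n = report["top_source"][account]
            print(f"  {account}: {count} failures, {n} of them from {source}")
```

Pointing the script at a real export means replacing `build_sample_export()` with the file's contents; the per-source count is what separates a user mistyping a password from one host hammering many accounts, which is the distinction the original review is trying to make.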
10th December 2009, 01:21 PM #3
I tried out Splunk for this... was pretty decent but new version is out now and should be a lot better
Splunk | IT Search for Log Management, Operations, Security and Compliance
Just don't typo on the name!!!