Re: log file how to?

From: Adrian Grigorof (adrian.grigorof)
Date: 06/04/04 

Date: Fri, 4 Jun 2004 11:36:04 -0400

Once auditing is enabled, you might also try ElUnDump for html-based reports
of Windows event logs. Set the user name as an "include" keyword to limit
the reports to only events containing that user name. See
www.altairtech.ca/elundump. 

-- 
Regards,
Adrian Grigorof
www.altairtech.ca/elundump
www.eventid.net
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:Ct%vc.39741$pt3.27383@attbi_s03...
> You can enable auditing on your computers however for what you would want
to do you
> would need to audit everything and then enable auditing on all folders on
the
> computer which is not practical as it would generate thousands and
thousands of
> events in the security log and substantially decrease computer
performance. I would
> start at enabling of logon events , account management, and object access.
The enable
> auditing of just sensitive folders and possible the executable files of
programs you
> want to monitor. You can also audit process tracking, but a gain you will
generate a
> lot of events. The trick to auditing is to just audit enough to get the
info you
> ant  - not everything. You can use filter view in Event Viewer to look for
certain
> events in the security log and use Event Comb to scan the logs of multiple
computers.
> The link below should be helpful.  --- Steve
>
> http://www.microsoft.com/technet/security/guidance/secmod144.mspx
> http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
>
> "aken" <anonymous@discussions.microsoft.com> wrote in message
> news:284C2E45-0D58-42E3-9CE4-648FB615D841@microsoft.com...
> > hi,
> > as a system administrator, i would like to view all the details
partaining to login
> issues like who all have logged in, what did they work upon, their login
timings,
> what files they have browsed etc etc... what ever an administrator would
think upon
> as security measures. this datas must be automatically stored rather then
myself
> manually saving the
> > files.
> >
> > how can this be done. we have win2k server and win Xp as clients and is
domian
> environment.
> >
> > any suggestion
> > aken
>
>

Relevant Pages

  • Re: Can you audit file access within Sharepoint Services 3.0?
    ... you can't enable it with Windows Explorer nor can you enable it with any out of the box stsadm command. ... Maybe one of the SharePoint-specific management tools from Quest Software or AvePoint allows you to view those logs but I haven't checked. ... an interface to turn on/off auditing; ... view the audit records so you'd have to build that as well. ...
    (microsoft.public.sharepoint.windowsservices)
  • RE: Trace of 139 attack?
    ... Enabling auditing is as important as what you enable. ... data in the logs, as well. ... That way, if the attacker ... Make international calls for as low as $.04/minute with Yahoo! ...
    (Focus-Microsoft)
  • Re: Keep admins off of client machines
    ... but if you have your auditing set correctly there will be ... > monitor the event logs and then do some action such as e-mail or page you. ... > As part of your overall security you would have auditing on computer room ... > settings at what time, when they were turned back on and who was in the ...
    (microsoft.public.windows.server.sbs)
  • Re: User logging
    ... shouldn't....but be careful what auditing you choose to enable! ... I'm really thinking a keylog app is more what you need. ... Shouldn't, either, if you set your event logs to reasonable sizes before ... misuse is happening out of office hours. ...
    (microsoft.public.windowsxp.security_admin)
  • GPO Policy Auditing Solution
    ... I would like to apply successful/failure auditing only on ... a group of computers in a computer lab, ... and has an attached group policy underneath it named CCSLAB computer policy ...
    (microsoft.public.windows.server.networking)