November 6th, 2005, 12:05 PM
#11
As stated in the Trusted Facility Manual (TFM):
Event Viewer is used to view and manage event logs, including the security log. It allows for viewing, sorting, filtering, and searching the event logs. The user must have access to the event log file in order to successfully view it. To view the contents of the security log, the user must be logged on as a member of the Administrators group. No special privilege is required to use Event Viewer itself. Security is enforced by the ACL on the log and certain registry settings.
Using Windows NT, an administrator can audit all security events and user actions. User Manager enables you to specify which events (such as logon or file access) will be monitored. All audited information is stored in the Event Log, which can be viewed in Event Viewer.
In addition to listing events by event ID, the security log in Event Viewer lists them by category. The following categories of events are displayed in the Security Log. (Those in parentheses are found in the Audit Policy dialog box of User Manager.)
Event Viewer provides two sorting options: newest events first or the oldest events first. To filter events, there is a predefined set of options available. Some of the filter options are: from date, through date, warnings, errors, success or failure audit, source of logging events, user, and event category (e.g., policy changes). Event Viewer also provides for the saving of audit data in a number of formats, including comma-delimited ASCII.
For user documentation about Event Viewer, see "Using Event Viewer" in Chapter 9, "Monitoring Events," of Microsoft® Windows NT® Server Version 4.0 Concepts and Planning.
Enable auditing for successful object writes in the entire system directory and all subdirectories. After installing a new application, use Event Viewer to examine the security log for object access events. For each object access event, read the event detail. If the path portion of the object name indicates that the object is a system file and the type of access audited is WriteData, then a system file has been overwritten.
-
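The TFM procedure quoted in the post above (audit successful writes under the system directory, install, then pull the object-access events and keep the WriteData hits on system files) is shown here on a current Windows build. This is an added example, not part of the thread or of the TFM: it assumes an elevated PowerShell session, uses auditpol and a SACL in place of NT 4's User Manager, and uses event ID 4663 and access mask bit 0x2 (FILE_WRITE_DATA), which are the modern equivalents and are not named in the original post.

```powershell
# Added example (not from the thread): modern equivalent of the TFM
# "audit successful object writes under the system directory" procedure.
# Assumes an elevated session (Get-Acl -Audit / Set-Acl need SeSecurityPrivilege).

# 1. Enable the File System object-access subcategory, success audits only.
auditpol /set /subcategory:"File System" /success:enable /failure:disable

# 2. Put an inheritable SACL on %SystemRoot% that audits successful WriteData
#    by anyone, propagated to all subdirectories and files.
$sysDir = $env:SystemRoot
$acl    = Get-Acl -Path $sysDir -Audit
$rule   = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]::WriteData,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $sysDir -AclObject $acl

# 3. After installing the new application, read the Security log.
#    4663 = "An attempt was made to access an object" (assumption: modern ID for
#    the NT 4 object-access detail the TFM describes). Keep only objects under
#    the system directory whose AccessMask has bit 0x2 (FILE_WRITE_DATA) set.
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } |
  ForEach-Object {
      # Event detail is only reachable through the XML payload.
      $x = [xml]$_.ToXml()
      $d = @{}
      foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
      [pscustomobject]@{
          Time    = $_.TimeCreated
          User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
          Process = $d.ProcessName
          Object  = $d.ObjectName
          Access  = $d.AccessMask          # hex string such as "0x2"
      }
  } |
  Where-Object { $_.Object -like "$sysDir\*" -and (([int]$_.Access) -band 0x2) } |
  Sort-Object Time |
  Format-Table -AutoSize
```

Expect the SACL to be noisy: Windows servicing, Defender and the installer's own activity all write under the system directory, so compare the Process column against the installer you just ran rather than treating every row as an overwritten system file, and remove the audit rule once the check is done.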
November 6th, 2005, 12:09 PM
#12
Nothing magical about "event viewer"
All it is is a formatted logfile viewer and manager. The Windows defaults are Applications, Security Audit and System.......................I also have AV and Video Card Manager.
It was not available as an integral part of Win 9x, although I have seen third party software. Not that those OSes were noted for producing logfiles................Boot and DrWatson would be mostly what you used
Its advantage over Notepad and Wordpad is that it has a pretty little GUI and management functionality. You can clear the logfiles, control their size and overwriting policy and filter events that are reported.
Unless you have a problem, just scan the logs for stuff that is marked in red or yellow, and anything unusual.
-
November 6th, 2005, 12:29 PM
#13
My OS's eyes and ears, and because I'm nosy........ I like viewing it. I didn't expect anyone to be in line with me here.
-
November 6th, 2005, 12:32 PM
#14
Its advantage over Notepad and Wordpad is that it has a pretty little GUI and management functionality. You can clear the logfiles, control their size and overwriting policy and filter events that are reported.
This statement seems a little dismissive.
"management functionality" that allows you to view and alter auditing settings for any number of systems from a central location.
"Control their size and overwriting policy" glosses over one of Windows' most significant security features, Crash on Audit Failure (CAF).
But really, all applications pale in functionality when compared to emacs.
cheers,
catch
-
November 6th, 2005, 12:36 PM
#15
emacs, I thought that was only for looking uber when taking screenshots?
-
November 6th, 2005, 12:40 PM
#16
ah that is just another one of its trillions of functions... my favorite is the NASDAQ easter egg... in case you ever wish to run your own major stock market.
cheers,
catch
-
November 6th, 2005, 12:56 PM
#17
A census taker once tried to test me. I ate his liver with some fava beans and a nice chianti.
How about this. I never check it. That's right. You heard me.
I pass off event viewer data to a central syslog server where it gets churned through an aggregation process and if there is something I need to worry about, the event climbs up my watch list display.
Checking event viewer logs (which kinda suck anyway) is not practical when you have thousands of servers to tend to and 20 times more workstations.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
November 6th, 2005, 01:07 PM
#18
What did Lecter say about the first principles? What does this guy do? He covets. How do we first start to covet?
Doctor, this question wasn't directed at the network gods.....it's just Microsoft security awareness month for the mere mortals.
-
November 6th, 2005, 01:46 PM
#19
The question was what is Event Viewer ?
That is what I answered. I do not see the relevance of an operating system that was intended to support networks and remote management, or that was intended to provide security functionality, to a question about a logfile viewer?
-
November 6th, 2005, 04:57 PM
#20
I check my event logs about 3 times a week. I find them not nearly as interesting (thank god!) as the firewall, IDS and ipaudit logs that are checked randomly throughout the day.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.