How often do you view your Event Viewer? - Page 2


Thread: How often do you view your Event Viewer?

  1. #11
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Code:
    eventvwr
    In the (TFM) Trusted Facility Manual as stated:

    Event Viewer is used to view and manage event logs, including the security log. It allows for viewing, sorting, filtering, and searching the event logs. The user must have access to the event log file in order to successfully view it. To view the contents of the security log, the user must be logged on as a member of the Administrators group. No special privilege is required to use Event Viewer itself. Security is enforced by the ACL on the log and certain registry settings.

    Using Windows NT, an administrator can audit all security events and user actions. User Manager enables you to specify which events (such as logon or file access) will be monitored. All audited information is stored in the Event Log, which can be viewed in Event Viewer.
    In addition to listing events by event ID, the security log in Event Viewer lists them by category. The following categories of events are displayed in the Security Log. (Those in parentheses are found in the Audit Policy dialog box of User Manager.)
    Event Viewer provides two sorting options: newest events first or the oldest events first. To filter events, there is a predefined set of options available. Some of the filter options are: from date, through date, warnings, errors, success or failure audit, source of logging events, user, and event category (e.g., policy changes). Event Viewer also provides for the saving of audit data in a number of formats, including comma-delimited ASCII.
    For user documentation about Event Viewer, see "Using Event Viewer" in Chapter 9, "Monitoring Events," of Microsoft® Windows NT® Server Version 4.0 Concepts and Planning.
    Enable auditing for successful object writes in the entire system directory and all subdirectories. After installing a new application, use Event Viewer to examine the security log for object access events. For each object access event, read the event detail. If the path portion of the object name indicates that the object is a system file and the type of access audited is WriteData, then a system file has been overwritten.
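
The check quoted in post #11 (audit writes under the system directory, then look for object access events whose access type is WriteData), sketched as an added example that is not part of the original thread or of any Microsoft tooling. The column layout of the comma-delimited export, the description wording, the `SYSTEM_DIR` value and the host and user names are all assumptions; the sample rows are constructed.

```python
import csv
import io
import ntpath
import re

# Assumption: the system directory that write auditing was enabled on.
SYSTEM_DIR = r"C:\WINNT\system32"

# Constructed sample of a comma-delimited security log export.
# Assumed columns: date, time, type, category, user, description.
SAMPLE_EXPORT = r"""11/02/04,10:15:01,Success Audit,Object Access,SETUP01\admin,Object Open: Object Name: C:\WINNT\system32\mfc42.dll Accesses: ReadData WriteData
11/02/04,10:15:02,Success Audit,Object Access,SETUP01\admin,Object Open: Object Name: C:\WINNT\system32\drivers\etc\hosts Accesses: ReadData
11/02/04,10:15:03,Success Audit,Object Access,SETUP01\admin,Object Open: Object Name: C:\Program Files\NewApp\app.ini Accesses: WriteData
11/02/04,10:15:04,Success Audit,Object Access,SETUP01\admin,Object Open: Object Name: c:\winnt\SYSTEM32\..\system32\kernel32.dll Accesses: WriteData
11/02/04,10:15:05,Success Audit,Object Access,SETUP01\admin,Object Open: Object Name: C:\WINNT\system32evil\x.dll Accesses: WriteData
11/02/04,10:16:00,Success Audit,Logon/Logoff,SETUP01\admin,Successful Logon
"""

# Pulls the object path and the access list out of the event detail text.
FIELDS = re.compile(r"Object Name:\s*(.+?)\s+Accesses:\s*(.+)$")


def overwritten_system_files(export_text, system_dir=SYSTEM_DIR):
    """Return (date, time, user, path) for each audited write to a system file."""
    root = ntpath.normcase(ntpath.normpath(system_dir))
    hits = []
    for row in csv.reader(io.StringIO(export_text)):
        # Only object access events carry the detail we need.
        if len(row) != 6 or row[3] != "Object Access":
            continue
        match = FIELDS.search(row[5])
        if not match:
            continue
        # Normalise case and ".." segments before comparing paths.
        path = ntpath.normcase(ntpath.normpath(match.group(1)))
        accesses = match.group(2).split()
        # Require a separator after the root so "system32evil" does not match.
        if "WriteData" in accesses and path.startswith(root + "\\"):
            hits.append((row[0], row[1], row[4], path))
    return hits


if __name__ == "__main__":
    for date, time, user, path in overwritten_system_files(SAMPLE_EXPORT):
        print(f"{date} {time} {user} wrote {path}")
```

Read-only opens, writes outside the system directory and a look-alike sibling directory are skipped; only the two writes under the audited directory are reported.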

  2. #12
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Nothing magical about "event viewer"

    All it is is a formatted logfile viewer and manager. The Windows defaults are Applications, Security Audit and System.......................I also have AV and Video Card Manager.

    It was not available as an integral part of Win 9x, although I have seen third party software. Not that those OSes were noted for producing logfiles................Boot and DrWatson would be mostly what you used

    Its advantage over Notepad and Wordpad is that it has a pretty little GUI and management functionality. You can clear the logfiles, control their size and overwriting policy and filter events that are reported.

    Unless you have a problem just scan the logs for stuff that is marked in red or yellow, and anything unusual.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #13
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    My OS's eyes and ears and because I'm nosy........ I like viewing it. I didn't expect anyone to be in line with me here.

  4. #14
    Banned
    Join Date
    May 2003
    Posts
    1,004
    Its advantage over Notepad and Wordpad is that it has a pretty little GUI and management functionality. You can clear the logfiles, control their size and overwriting policy and filter events that are reported.
    This statement seems a little dismissive.

    "management functionality" that allows you to view and alter auditing settings for any number of systems from a central location.

    "Control their size and overwriting policy" glosses over one of Windows' most significant security features, Crash on Audit Failure (CAF).

    But really, all applications pale in functionality when compared to emacs.

    cheers,

    catch

  5. #15
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    emacs, I thought that was only for looking uber when taking screenshots?

  6. #16
    Banned
    Join Date
    May 2003
    Posts
    1,004
    ah that is just another one of its trillions of functions... my favorite is the NASDAQ easter egg... in case you ever wish to run your own major stock market.

    cheers,

    catch

  7. #17
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    A census taker once tried to test me. I ate his liver with some fava beans and a nice chianti.


    How about this. I never check it. That's right. You heard me.

    I pass off event viewer data to a central syslog server where it gets churned through an aggregation process and if there is something I need to worry about, the event climbs up my watch list display.

    Checking event viewer logs (which kinda suck anyway) is not practical when you have thousands of servers to tend to and 20 times more workstations.


    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #18
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    What did Lecter say about the first principles? What does this guy do? He covets. How do we first start to covet?

    Doctor, this question wasn't directed at the network gods.....it's just Microsoft security awareness month for the mere mortals.

  9. #19
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    The question was what is Event Viewer ?

    That is what I answered. I do not see the relevance of an operating system that was intended to support networks and remote management, or that was intended to provide security functionality, to a question about a logfile viewer?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #20
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    I check my event logs about 3 times a week, I find them not nearly as interesting (thank god!) as the firewall and ids, and ipaudit logs that are checked randomly throughout the day.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.
