How often do you view your Event Viewer? - Page 3


Thread: How often do you view your Event Viewer?

  1. #21
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'll post on both for both home and work... My vote was for work.

    I've got 2 servers at work, I check out their event viewer and my workstation event viewer daily.

    When I'm at home I sometimes forget that it even exists... I check it when I have problems and that's about it... sometimes not even when I have problems.

    Peace
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #22
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    hokay - now why I voted once a month...

    My firewall catches bad outside stuff that's happening as it occurs and alerts me to it.
    My computer systems which have net access are shut down completely every night while I'm sleeping.
    My spyware/av proggies can catch nasty crap that gets through when Mrs |ce is doing things without telling me...(like downloading those damn spyware laden screensavers! grrr).

    So I look at the winblows event logs (assuming this is the event logs you're referring to) about once a month to see if there's anything that was missed, and to see how badly it spazzed out when this or that crash occurred, or this or that power-outage hit.

    Nuff said and hope that helped.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  3. #23
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    For my servers... I do similar things as Tedob1, where I dump them out into a text file which is saved on a central server and then parse them with a Perl script which looks for suspicious activity (e.g. login failures, account re-enables, attempted logins into disabled accounts, etc.) and sends those suspicious entries to my team, who review them every morning. Even when diagnosing an issue I will dump out the event log into a text file before trying to use the crappy Win event log app.

    We are starting to deploy syslog agents on all the Win servers and will point them at our centralized syslog server that has all the logs on it: firewall, ids, router, switches, *nix servers, and now Win servers. We then run Swatch against it along with custom scripts run adhoc.

    For my workstations... only when there's a problem. Eventually we will point them to the syslog server but only send security alerts - nothing from system and app logs.

  4. #24
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    ric-o, what syslog agent are you using? GFI has an app that looks rather good but it's awful pricey for my budget, for right now anyway. I'm kinda thinking that whatever TH13 is using is way outa range... is it, TH?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #25
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    Originally posted here by thehorse13
    I pass off event viewer data to a central syslog server where it gets churned through an aggregation process and if there is something I need to worry about, the event climbs up my watch list display.
    Checking event viewer logs (which kinda suck anyway) is not practical when you have thousands of servers to tend to and 20 times more workstations.
    What application(s) are you using? I would be interested to look into something along these lines. While I am only responsible for 30 Windows servers (mighty small in comparison), I would be interested in finding a decent application for a fairly inexpensive price.

    Thanks,
    -Spy
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click here

  6. #26
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    hrm, that comment is a little disingenuous, thehorse13. You are indeed viewing them, just not personally. You have a centralized script that parses the information out and provides you with need-to-see information. I'm guessing you do this daily, or perhaps it is live... who knows besides you. But you /are/ viewing them, especially when you have a problem that needs to be seen by live eyes.

    I'm in that same boat too. We have way too many servers to go through the logs personally, so we have scripts that crawl the central log servers for us and alert us to information that we need to see. I also choose a random log from time to time to go through to make sure that things are running the way we want them to and that the scripts have not been subverted.

    As far as my personal machine(s), I check the logs from time to time. There is nothing on those machines that I'm concerned with and if something goes south with them I will just format/reinstall anyway.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  7. #27
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Originally posted here by Spyrus
    What application(s) are you using? I would be interested to look into something along these lines. While I am only responsible for 30 Windows servers (mighty small in comparison), I would be interested in finding a decent application for a fairly inexpensive price.

    Thanks,
    -Spy
    The solution we use here is not cheap by any stretch of the imagination. We use Cisco MARS to cull information for us.

    At my previous job I wrote a perl script that parsed the information from a central server. We SCPd logs from the Windows side to a central server, ran a cron job that moved files around, tar'd stuff and deleted things that we didn't need any more. There was another cron job that ran the perl script that went through the log files and emailed out information that needed to be seen by someone. This was not a live system though, and we were always a day behind in log review.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
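    The review step ric-o and the poster above describe (dump the Windows Security log to text on a central box, scan it for login failures, attempts against disabled accounts and account re-enables, and hand the hits to whoever reads them in the morning), as an added example written in Python rather than the Perl they used; it is not either poster's script. The tab-separated dump layout and the sample lines are constructed here; the event IDs are the pre-Vista (Windows 2000/XP/2003) Security log IDs.

```python
from collections import Counter

# Pre-Vista Security log event IDs (Windows 2000/XP/2003) that matter here:
# logon failures, a logon against a disabled account, and an account enabled.
LOGON_FAILURE = {529, 530, 532, 533, 534, 535, 539}
DISABLED_ACCOUNT_LOGON = 531
ACCOUNT_ENABLED = 626
FAILURE_THRESHOLD = 3  # report an account once it reaches this many failures

# Constructed sample dump, one event per tab-separated line:
# date, time, type, event id, source, computer, account, description.
SAMPLE_DUMP = """\
2006-03-14\t08:01:12\tAuditFailure\t529\tSecurity\tSRV01\tjsmith\tLogon Failure: Unknown user name or bad password
2006-03-14\t08:01:15\tAuditFailure\t529\tSecurity\tSRV01\tjsmith\tLogon Failure: Unknown user name or bad password
2006-03-14\t08:01:19\tAuditFailure\t529\tSecurity\tSRV01\tjsmith\tLogon Failure: Unknown user name or bad password
2006-03-14\t08:05:44\tAuditSuccess\t528\tSecurity\tSRV01\tmjones\tSuccessful Logon
2006-03-14\t08:07:02\tAuditFailure\t531\tSecurity\tSRV01\tolduser\tLogon Failure: Account currently disabled
2006-03-14\t09:30:00\tAuditSuccess\t626\tSecurity\tSRV01\tadmin\tUser Account Enabled: olduser
2006-03-14\t09:31:10\tAuditFailure\t529\tSecurity\tSRV01\tmjones\tLogon Failure: Unknown user name or bad password
"""

def parse_dump(text):
    """Yield one dict per well-formed line; blank or malformed lines are skipped."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 8 or not fields[3].isdigit():
            continue
        yield {"date": fields[0], "time": fields[1], "type": fields[2],
               "event_id": int(fields[3]), "computer": fields[5],
               "account": fields[6], "message": fields[7]}

def find_suspicious(text):
    """Return (reason, event) pairs the morning reviewer should look at."""
    findings, failures = [], Counter()
    for ev in parse_dump(text):
        eid = ev["event_id"]
        if eid == DISABLED_ACCOUNT_LOGON:
            findings.append(("logon attempt on disabled account", ev))
        elif eid == ACCOUNT_ENABLED:
            findings.append(("account re-enabled", ev))
        elif eid in LOGON_FAILURE:
            failures[ev["account"]] += 1
            if failures[ev["account"]] == FAILURE_THRESHOLD:  # one report per account
                findings.append(("repeated logon failures", ev))
    return findings

if __name__ == "__main__":
    for reason, ev in find_suspicious(SAMPLE_DUMP):
        print(f"{ev['date']} {ev['time']} {ev['computer']} {ev['account']}: {reason} (event {ev['event_id']})")
```

    Pointed at a real dump, the output is the short list a reviewer reads each morning instead of the whole log; a single failure (mjones) stays below the threshold and is not reported.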

  8. #28
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    I know some of you are thinking this guy must wash his hands until they bleed too, checking those logs for the home comp like I do. It's not like I have ever found something and then had it save me. But all my stuff is automated. I just happen to have it incorporated with my clear-useless-files bat on boot. I don't really need to refine the quick n' dirty bats I make; that's my prerogative.

    [code]@echo off
    @cd\
    :: usrpath and usrpath2 deliberately carry an opening quote; every path built
    :: from them supplies the closing quote, so paths with spaces stay intact.
    @set usrpath="C:\Documents and Settings\%Username%\
    @set usrpath2="C:\Documents and Settings\%Username%\Local Settings\
    @echo.
    @echo.
    :: Each block below: wipe the folder contents, remove the folder, recreate it empty.
    @IF EXIST %usrpath%Cookies\" @del %usrpath%Cookies\*.*" /F /Q /S
    @IF EXIST %usrpath%Cookies\" @rd %usrpath%Cookies\" /Q /S
    @IF NOT EXIST %usrpath%Cookies\" @md %usrpath%Cookies\"
    ::
    @del %usrpath%temp\*.*" /F /Q /S
    @rd %usrpath%temp\" /Q /S
    @md %usrpath%temp\"
    ::
    @del %usrpath%recent\*.*" /F /Q /S
    @rd %usrpath%recent\" /Q /S
    @md %usrpath%recent\"
    ::
    @del %usrpath2%History\*.*" /F /Q /S
    @rd %usrpath2%History\" /Q /S
    @IF NOT EXIST %usrpath2%History\" @md %usrpath2%History\"
    ::
    @del %usrpath2%Temp\*.*" /F /Q /S
    @rd %usrpath2%Temp\" /Q /S
    @md %usrpath2%Temp\"
    ::
    @del %usrpath2%Temporary Internet Files\*.*" /F /Q /S
    @rd %usrpath2%Temporary Internet Files\" /Q /S
    @IF NOT EXIST %usrpath2%Temporary Internet Files\" @md %usrpath2%Temporary Internet Files\"
    ::
    @del %usrpath%My Recent Documents\*.*" /F /Q /S
    @rd %usrpath%My Recent Documents\" /Q /S
    @md %usrpath%My Recent Documents\"
    ::
    @del %usrpath2%History\History.IE5\*.*" /F /Q /S
    @rd %usrpath2%History\History.IE5\" /Q /S
    @IF NOT EXIST %usrpath2%History\History.IE5\" @md %usrpath2%History\History.IE5\"
    ::
    @del "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\*.*" /F /Q /S
    @rd "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\" /Q /S
    :: A GOTO on this line used to swallow the md, so the folder was never recreated.
    @IF NOT EXIST "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\" @md "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\"
    ::
    @IF EXIST C:\WINDOWS\Temp\ @del C:\WINDOWS\Temp\*.* /F /Q /S
    @rd C:\WINDOWS\Temp\ /Q /S
    @IF NOT EXIST C:\WINDOWS\Temp\ @md C:\WINDOWS\Temp\
    ::
    @del "C:\WINDOWS\Temporary Internet Files\*.*" /F /Q /S
    @rd "C:\WINDOWS\Temporary Internet Files\" /Q /S
    @IF NOT EXIST "C:\WINDOWS\Temporary Internet Files\" @md "C:\WINDOWS\Temporary Internet Files\"
    ::
    @del C:\WINDOWS\Cookies\*.* /F /Q /S
    @rd C:\WINDOWS\Cookies\ /Q /S
    @IF NOT EXIST C:\WINDOWS\Cookies\ @md C:\WINDOWS\Cookies\
    ::
    @del C:\TEMP\*.* /F /Q /S
    @rd C:\Temp\ /Q /S
    @IF NOT EXIST C:\Temp\ @md C:\Temp\
    ::
    @del C:\WINDOWS\Prefetch\*.* /F /Q /S
    @rd C:\WINDOWS\Prefetch\ /Q /S
    @IF NOT EXIST C:\WINDOWS\Prefetch\ @md C:\WINDOWS\Prefetch\
    ::
    :: The two sweeps below run from C:\ (see the cd\ above) and recurse the whole drive.
    @del index.dat /s /f /q
    ::
    @del *.tmp *.temp *.chk *.trc *.old *.scr *.$$$ *.~ *.~~~ /s /q /f
    ::
    :: Last step: open the Event Viewer so the logs get looked at on every boot.
    start eventvwr.exe
    @exit
    [/code]

    I can't view the security on boot with a limited account, unless I want to edit this bat a little and run task scheduler, which I don't want to.

  9. #29
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I don't know about you guys and gals, but the event log should be clean. So checking them daily (unless you have, say, 1000) isn't a big deal. For instance I have one entry in mine today over and over.... disk has bad sector. That means in about a week or month this server will fail. So looking at those logs is critical when you get down to it. Unless you like those days when you get "OS not detected...."
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #30
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Doctor, this question wasn't directed at the network gods.....it's just Microsoft security awareness month for the mere mortals.
    You will not persuade me with appeals to my intellectual vanity.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
