Security Basics mailing list archives

Re: TR : event viewer log How to get more information


From: H Carvey <keydet89 () yahoo com>
Date: 7 Apr 2003 16:45:30 -0000

In-Reply-To: <C8AB711FE2BBD54E93443B9D8938D52FA18932 () CREME ad etsmtl ca>


I hope you can help me! There are many event logs
like these on a user workstation (Windows XP).
Someone logged into his station? Right?

Yes.

How can I get more info to troubleshoot?

What kind of information are you looking for?  Just
about the only information you're missing from the
EventLog entry is the originating system's IP address.

Nobody is allowed in this user station.

How do you mean?  Locally or via the network.  It looks
from the first entry as if someone logged in
remotely...if no one is allowed to do this...well,
someone did.

We don't have much info to find out what's wrong. Is it a
process, which PC...

Not sure what you're asking...the remote PC name is
listed in the EventLog entry.

Do you have any tool that could log more detail?

Sure.  Snort.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Did you check this link?  Did it offer anything useful?



