Security Basics mailing list archives
Re: handling log files
From: Phillip McCollum <pmccollum () sanmanuel com>
Date: Sat, 06 Sep 2003 20:20:16 -0700
Hi John,

Can't find anything concerning your first problem, but for auditing user logon events:
Since you're using Active Directory, in order to log logon events for all domain user accounts, you need to edit the Default Domain Controllers GPO for this. Once you open it up, browse to the Audit Policy and set the "Audit Account Logon Events" to record Successes and/or Failures.
Hope this helps,
Phillip

At 09:17 AM 9/5/2003 +0300, Kampanellis John wrote:
Hi!

I have to design the security policy for a large company. The company has a large number of Win2k boxes. For the moment, I am trying to create a local security policy for the Win2k workstations. Among other things, I want to enable the auditing and event logs.

I would like to find a way to control the log files. To be more precise, I would like to find a way to check if the log files size overpass a certain per cent. In that case, I would like to save them in a specific file and then clean them. I imagine that I have to write some kind of script. However, I don't know where to start.

Another thing is that I would like to keep a trace of people logging on. We are using Microsoft's Active Directory. What I would like to do is, every time someone logs on in a machine (not precise), the login of that person to be written in a file. Is there something already out there or should I write a script?

Any help would be appreciated.

Thnx in advance.
John

---------------------------------------------------------
Hacking may be cool.....but securing is COOLER!
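One way to do the size check and archive-then-clear described in the original question, as an added example that is not part of either post. It assumes a current Windows release with PowerShell 4.0 or later and wevtutil.exe rather than Windows 2000, and an elevated prompt; the archive directory, log list and 80% threshold are placeholders.

```powershell
# Added example: archive and clear an event log once it passes a fill threshold.
# Assumptions: PowerShell 4.0+, wevtutil.exe present, run elevated.
# $ArchiveDir, $LogNames and $ThresholdPct are hypothetical defaults.
param(
    [string[]]$LogNames     = @('Security', 'System', 'Application'),
    [int]     $ThresholdPct = 80,
    [string]  $ArchiveDir   = 'D:\LogArchive'
)

if (-not (Test-Path $ArchiveDir)) {
    New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
}

foreach ($name in $LogNames) {
    # EventLogConfiguration exposes the current file size and the configured maximum.
    $log = Get-WinEvent -ListLog $name -ErrorAction Stop
    $pct = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)

    if ($pct -lt $ThresholdPct) {
        Write-Output "$name is at $pct% of its maximum size; nothing to do."
        continue
    }

    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $ArchiveDir "$env:COMPUTERNAME-$name-$stamp.evtx"

    # "cl /bu:" backs the log up and clears it as one operation, so events
    # written between a separate export and clear cannot be lost.
    wevtutil.exe cl $name "/bu:$backup"
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
        Write-Error "Archiving $name failed (wevtutil exit code $LASTEXITCODE)."
        continue
    }

    # Record a hash next to the archive so later tampering can be detected.
    $hash = (Get-FileHash -Algorithm SHA256 -Path $backup).Hash
    "$hash  $(Split-Path $backup -Leaf)" |
        Add-Content -Path (Join-Path $ArchiveDir 'SHA256SUMS.txt')

    Write-Output "$name was at $pct%; archived to $backup and cleared."
}
```

Clearing the Security log records event 1102 in the freshly cleared log, so a scheduled run of this script should be a known, expected source of that event in any monitoring.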
Current thread:
- handling log files Kampanellis John (Sep 05)
- Re: handling log files Phillip McCollum (Sep 08)