Re: handling log files

[Phillip McCollum <pmccollum () sanmanuel com>]

Hi John,

Can't find anything concerning your first problem, but for auditing user 
logon events:

Since you're using Active Directory, in order to log logon events for all 
domain user accounts, you need to edit the Default Domain Controllers GPO 
for this.  Once you open it up, browse to the Audit Policy and set the 
"Audit Account Logon Events" to record Successes and/or Failures.

Hope this helps,
Phillip


At 09:17 AM 9/5/2003 +0300, Kampanellis John wrote:
> Hi!
>
> I have to design the security policy for a large company. The company has
> a large number of Win2k boxes.
> For the moment, I am trying to create a local security policy for the Win2k
> workstations.
>
> Among other things, I want to enable the auditing and event logs. I would
> like to find a way to control the log files. To be more precise, I would
> like to find a way to check if the log files size overpass a certain per
> cent. In
> that case, I would like to save them in a specific file and then clean them.
>
> I imagine that I have to write some kind of script. However, I don't know
> where to start.
>
> Another thing is that I would like to keep a trace of people logging-on. We
> are using
> Microsoft's Active Directory. What I would like to do, is every time someone
> logs on
> in a machine (not precise) the login of that person to be written in a file.
> Is there something
> already out there or should I write a script?
>
> Any help would be appreciate.
>
> Thnx in advance.
> John
> ---------------------------------------------------------
> Hacking may be cool.....but securing is COOLER!
>
>
>
> ---------------------------------------------------------------------------
> Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
> October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
> technical IT security event.  Modeled after the famous Black Hat event in
> Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
> Symantec is the Diamond sponsor.  Early-bird registration ends September 
> 6.Visit us: www.blackhat.com
> ----------------------------------------------------------------------------



---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
- Precisely Define and Implement Network Security 
- Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------