RE: Deleting NT audits ?

From: Chris Merkel (chrism@geo-synthetics.com)
Date: 08/14/01


Message-ID: <3D1C775474CAD211942D00805FC7EB0B4C7CD5@wisconsinnt.geo-synthetics.com>
From: Chris Merkel <chrism@geo-synthetics.com>
To: 'centipede' <centiped@netvision.net.il>, focus-ms@securityfocus.com
Subject: RE: Deleting NT audits ?
Date: Tue, 14 Aug 2001 16:29:59 -0500

First keystroke logging, then remote share management, now logfile
modification...

Curious minds want to know - why would you want to alter audit logs?
I can see cleaning up server logs because of stupid Win2k boxes forcing
elections, or a service going nutty and filling up a log... but security
auditing...

- Chris

> -----Original Message-----
> From: centipede [mailto:centiped@netvision.net.il]
> Sent: Tuesday, August 14, 2001 12:49 PM
> To: focus-ms@securityfocus.com
> Subject: Deleting NT audits ?
>
>
> Hi,
>
> Is there a way to delete specific NT4.0 audit entries,
> without deleting
> the whole bunch ?
> Any text/gui builtin_functions/3rd_party_utilities would be great.
> Btw, has anyone tried manually editing those files with any success ?
>
> Thanks !
> centipede.
>


