RE: Deleting NT audits ?
From: Chris Merkel (chrism@geo-synthetics.com)Date: 08/14/01
- Previous message: Matthew.van.Eerde@hbinc.com: "RE: What port is this being used"
- Maybe in reply to: centipede: "Deleting NT audits ?"
- Next in thread: Frank Heyne: "Re: Deleting NT audits ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3D1C775474CAD211942D00805FC7EB0B4C7CD5@wisconsinnt.geo-synthetics.com> From: Chris Merkel <chrism@geo-synthetics.com> To: 'centipede' <centiped@netvision.net.il>, focus-ms@securityfocus.com Subject: RE: Deleting NT audits ? Date: Tue, 14 Aug 2001 16:29:59 -0500
First keystroke logging, then remote share management, now logfile
modification...
Curious minds want to know - why would you want to alter audit logs?
I can see cleaning up server logs because of stupid Win2k boxes forcing
elections, or a service going nutty and filling up a log... but security
auditing...
- Chris
> -----Original Message-----
> From: centipede [mailto:centiped@netvision.net.il]
> Sent: Tuesday, August 14, 2001 12:49 PM
> To: focus-ms@securityfocus.com
> Subject: Deleting NT audits ?
>
>
> Hi,
>
> Is there a way to delete specific NT4.0 audits entries,
> without deleting
> the whole bunch ?
> Any text/gui builtin_functions/3rd_party_utilities would be great.
> Btw, has anyone tried manually editing those files with any success ?
>
> Thanks !
> centipede.
>
- Previous message: Matthew.van.Eerde@hbinc.com: "RE: What port is this being used"
- Maybe in reply to: centipede: "Deleting NT audits ?"
- Next in thread: Frank Heyne: "Re: Deleting NT audits ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
