Re: Accessing eventlogs remotely on W2K3 Server

• Previous message: Marc Fossi: "Article Announcement: IIS Lockdown and Urlscan"
• Next in thread: Aditya [ Aditya Lalit Deshmukh ]: "RE: Accessing eventlogs remotely on W2K3 Server"
• Reply: Aditya [ Aditya Lalit Deshmukh ]: "RE: Accessing eventlogs remotely on W2K3 Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 7 Jan 2004 14:46:46 -0800 (PST)
To: dwr3ck@hushmail.com, focus-ms@securityfocus.com

We addressed this by configuring all of our event logs to log to a remote (Unix) syslog server. Might this be an option for you?

Laura

-----Original Message-----
From: dwr3ck@hushmail.com
Sent: Dec 30, 2003 10:50 AM
To: focus-ms@securityfocus.com
Subject: Accessing eventlogs remotely on W2K3 Server

In shared web environments it is necessary to enable application owners
to view the event logs on the IIS servers hosting their applications
(minus the security log).

This is easy to do in W2K server by having them use the run as command
with the event viewer MMC from their machines with an account that has
user privileges on the server (that DOES NOT have log on locally access
etc).

I have found one reference on the MS web site that indicates that you
must be a local admin on the server to view event logs remotely.

Has anyone else run into this? I need to provide real-time access but
I cannot give the application owners local admin accounts. Also, enabling
guest access to the logs is not an option.

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427

---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Marc Fossi: "Article Announcement: IIS Lockdown and Urlscan"
• Next in thread: Aditya [ Aditya Lalit Deshmukh ]: "RE: Accessing eventlogs remotely on W2K3 Server"
• Reply: Aditya [ Aditya Lalit Deshmukh ]: "RE: Accessing eventlogs remotely on W2K3 Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Problem in Exchange, not many info in logs, please help! ... Clear the event logs on the server and connect with a client that has the ... Default Offline Address List ... (microsoft.public.windows.server.sbs) Re: Server login hangs ... I did a few remote perfmon logs and ... logs show the CPU and disk idle as they usually are. ... I'll come back later and pull the plug on the UPS to force it to shutdown ... If you want to restart the server, on the workstation go to Start -> Run ... (microsoft.public.windows.server.sbs) Re: Is this a potential problem? ... The remote server did not respond ... pitstop on your way to the real IIS logs. ... The bottom line is that you need to worry about outbound delivery ... virtual server is going to make deliveries from a given source IP, ... (microsoft.public.inetserver.iis.smtp_nntp) RE: Accessing eventlogs remotely on W2K3 Server ... yes that really rocks - kiwisyslog is what you can use with ntsyslog for sending the logging info - all can be on windows and there is a free version that you can download and evulate ... We addressed this by configuring all of our event logs to log to a remote syslog server. ... (Focus-Microsoft) RE: isa 2004 & external website access issue ... emailed the logs to you as requested. ... each web server has its own public IP ... > headers in ISA Server ... > 'Microsoft Firewall' service. ... (microsoft.public.windows.server.sbs)