Re: TR : event viewer log How to get more information

From: H Carvey (keydet89@yahoo.com)
Date: 04/07/03

    Date: 7 Apr 2003 16:45:30 -0000
    From: H Carvey <keydet89@yahoo.com>
    To: security-basics@securityfocus.com
    
    
    In-Reply-To: <C8AB711FE2BBD54E93443B9D8938D52FA18932@CREME.ad.etsmtl.ca>

    > I hope you can help me! There are many event logs like these on a
    > user workstation Windows XP. Someone logged into his station? Right?

    Yes.

    > How can I get more info to troubleshoot?

    What kind of information are you looking for? Just
    about the only information you're missing from the
    EventLog entry is the originating system's IP address.

    > Nobody is allowed in this user station.

    How do you mean? Locally or via the network? It looks
    from the first entry as if someone logged in
    remotely...if no one is allowed to do this...well,
    someone did.

    > We don't have much info to find out what's wrong. Is it a
    > process, which PC...

    Not sure what you're asking...the remote PC name is
    listed in the EventLog entry.

    > Do you have any tool that could log more detail?

    Sure. Snort.

    > For more information, see Help and Support Center at
    > http://go.microsoft.com/fwlink/events.asp.

    Did you check this link? Did it offer anything useful?
