RE: TR : event viewer log How to get more information

From: John Warnas/HintTech B.V. (john.warnas@hinttech.com)
Date: 04/08/03

    From: "John Warnas/HintTech B.V." <john.warnas@hinttech.com>
    To: Héroux, Christian <Christian.Heroux@etsmtl.ca>, <security-basics@securityfocus.com>
    Date: Tue, 8 Apr 2003 09:43:51 +0200
    
    

    Well, all I can see in the last event is that somebody tried to log in on
    this station. Have you checked the user rights on this station? Are there
    any guest accounts?

    Regards

    John Warnas

    ---
    HintTech B.V.; Kluyverweg 2a
    2629 HT Delft; T +31(0)15-268 25 73
    F +31(0)15-268 25 67; GSM +31(0)6-21 8584 34
    ---
    -----Original Message-----
    From: Héroux, Christian [mailto:Christian.Heroux@etsmtl.ca]
    Sent: Friday, 4 April 2003 19:15
    To: security-basics@securityfocus.com
    Subject: TR : event viewer log How to get more information
    Hello all!
    I hope you can help me! There are many event logs like these on a user's
    Windows XP workstation. Someone logged into his station? Right? How can I
    get more info to troubleshoot? Nobody is allowed in this user station. We
    don't have much info to find out what's wrong. Is it a process, which PC... Do
    you have any tool that could log more detail?
    Christian H.
    Event Type:       Success Audit
    Event Source:    Security
    Event Category: Logon/Logoff
    Event ID:           540
    Date:                2003-04-02
    Time:                10:19:02
    User:                XXX\ffournXXX
    Computer:         BISMARCK
    Description:
    Successful Network Logon:
                User Name:       ffournXXX
                Domain:                        XXX
                Logon ID:                      (0x0,0x1BA8FD3)
                Logon Type:      3
                Logon Process: NtLmSsp
                Authentication Package: NTLM
                Workstation Name:        GPA_024824
                Logon GUID:      {00000000-0000-0000-0000-000000000000}
     
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
     
     
     
    Event Type:       Success Audit
    Event Source:    Security
    Event Category: Logon/Logoff
    Event ID:           540
    Date:                2003-04-03
    Time:                09:40:15
    User:                XXX\rmaraXXXX
    Computer:         BISMARCK
    Description:
    Successful Network Logon:
                User Name:       rmaranXXX
                Domain:                        XXX
                Logon ID:                      (0x0,0x586DD0)
                Logon Type:      3
                Logon Process: NtLmSsp
                Authentication Package: NTLM
                Workstation Name:        GPA_026195
                Logon GUID:      {00000000-0000-0000-0000-000000000000}
     
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
     
     
    Event Type:       Failure Audit
    Event Source:    Security
    Event Category: Logon/Logoff
    Event ID:           529
    Date:                2003-04-04
    Time:                02:33:06
    User:                NT AUTHORITY\SYSTEM
    Computer:         BISMARCK
    Description:
    Logon Failure:
                Reason:                        Unknown user name or bad password
                User Name:       Administrator
                Domain:                        PERF-1
                Logon Type:      3
                Logon Process: NtLmSsp
                Authentication Package: NWV1_0
                Workstation Name:        PERF-1
     
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
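
Added example, not part of the original thread: a small Python triage script that parses Event Viewer text in the layout quoted above and groups network logons (Logon Type 3) by the `Workstation Name` field, which is where these records name the connecting machine. The sample input is constructed, and the function names `parse_events` and `logons_by_source` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the Event Viewer text layout quoted in the thread;
# account and host names are placeholders, not values from the thread.
SAMPLE = """\
Event Type:       Success Audit
Event ID:           540
Date:                2003-04-02
Time:                10:19:02
Successful Network Logon:
            User Name:       alice
            Logon Type:      3
            Workstation Name:        WKS-0001

Event Type:       Failure Audit
Event ID:           529
Date:                2003-04-04
Time:                02:33:06
Logon Failure:
            Reason:                        Unknown user name or bad password
            User Name:       Administrator
            Logon Type:      3
            Workstation Name:        HOST-X
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(\S.*)$")  # "Key:   value" lines only

def parse_events(text):
    """Split pasted Event Viewer text into one dict of fields per event."""
    events = []
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Event Type":  # first field of every record starts a new event
            events.append({})
        if events:
            events[-1][key] = value
    return events

def logons_by_source(events):
    """Group network logons (Logon Type 3) by the reported client name."""
    by_src = defaultdict(list)
    for e in (e for e in events if e.get("Logon Type") == "3"):
        outcome = "failed" if e["Event Type"].startswith("Failure") else "ok"
        # Workstation Name is reported by the connecting client: a lead, not proof.
        by_src[e.get("Workstation Name", "?")].append(
            (e.get("Date"), e.get("Time"), e.get("User Name"), outcome))
    return dict(by_src)
```

Running `logons_by_source(parse_events(text))` over an exported Security log gives, per source machine, the accounts and times involved and whether each attempt succeeded.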
     
    
