Re: Windows event auditing and reporting



Microsoft Windows NT (NT4, 2000, XP, 2003) based products can all use System Monitor; it's built in and provides a facility to set up trace logs and alerts based on specific items, i.e. registry changes etc. It's highly configurable and worthy of thorough investigation.

I hope that this helps keep the costs lower; it's also in keeping with the less-is-more paradigm for computer security.

Sincerely,

Sean Swayze
PCSC Information Services

On 3-Apr-06, at 2:31 PM, rs wrote:

Can anyone recommend a good tool that will alert and report on Windows Event logs, especially DC logs for events such as new user accounts, changed user accounts, deleted user accounts, locked user accounts, failed login attempts, expired passwords, dormant accounts, etc.? We have looked at both S.E.L.M from GFI (reporting wasn't great) and Active Administrator from ScriptLogic (reporting was great, but event criteria were not customizable and it offers a ton of nice features that we don't necessarily need but would be paying for). Just wanted to see if there was anything else out there that someone could recommend?



