Re: Security Log Display
From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 08/14/02
- Next message: Eric Fitzgerald [MS]: "Re: W2k Event Log - IP Address"
- Previous message: Eric Fitzgerald [MS]: "Re: Event Viewer security log and shut down button"
- In reply to: karl [x y]: "Re: Security Log Display"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com> Date: Tue, 13 Aug 2002 17:24:07 -0700
This feature has been added to Windows .NET Server.
Eric
-- Eric Fitzgerald Program Manager, Windows Auditing and Intrusion Detection Microsoft Corporation "karl [x y]" <jamescagney90210@excite.com> wrote in message news:#xWmudEOCHA.1756@tkmsftngp08... > No, not without third party software or hardware e.g. a firewall, starting > at the low end with Sygate firewall software [free for non-commercial use, > or $30] or Netgear firewall starting at $70 US. If you spit both your > firewall logs and your windows log out [using I think NTsyslog] to a free > syslog client such as kiwi syslog service version from > www.kiwi-enterprises.com, then any failed login should be preceded by an > entry containing the IP address. I'm not sure this is possible with Sygate, > but is possible with hardware nat routers and firewalls like Netgear, > Linksys, etc. > > "Chris" <cmoon@nospam.fas.harvard.edu> wrote in message > news:2fb101c23813$2f9c6d30$19ef2ecf@tkmsftngxa01... > > I have set up auditing on my Windows 2000 server. > > However, it seems that when there is a failed login > > attempt I get the workstation name that the attempt came > > from. Is there anyway to make it give me the IP > > > > Thanks > > Chris > >
- Next message: Eric Fitzgerald [MS]: "Re: W2k Event Log - IP Address"
- Previous message: Eric Fitzgerald [MS]: "Re: Event Viewer security log and shut down button"
- In reply to: karl [x y]: "Re: Security Log Display"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
