Re: IPSec auditing
From: Daniel Angelucci (angelucc@nospam.duke.edu)
Date: 10/31/02
- Next message: s billings: "RE: Default Shell"
- Previous message: Daniel Angelucci: "Re: users locked out spontaneously..."
- In reply to: Michael Buchardt: "IPSec auditing"
- Next in thread: Eric Fitzgerald [MS]: "Re: IPSec auditing"
- Reply: Eric Fitzgerald [MS]: "Re: IPSec auditing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Oct 2002 08:56:15 -0500 From: Daniel Angelucci <angelucc@nospam.duke.edu>
Let's see... a quick look at my log and auditing policy would suggest
the following....
Audit system events should be set to success, failure.
I am glad to see someone else doing this. Could you email me privately?
I have some experiences that I wanted to confirm.
Thanks!
Dan
Michael Buchardt wrote:
> Hi
>
> I am trying to audit the IPSec communication between two clients in domain.
>
> When I ping one the client the first time I get informed that it is
> negotiating IPSec and the second time I ping the echo reply comes through.
> Not problems there. If I startup isecmon.exe I can see that the traffic is
> encrypted.
> I have turned on auding on both client machines (Logon events + object
> access - failure and success). But I doesn´t get any event ID 541 which
> should state successful establishment of an IPSec Security Association (SA).
> I have tryed all that I can think of - am I doing something wrong here?!
>
> Kind Regards
>
>
> Michael Buchardt
>
>
- Next message: s billings: "RE: Default Shell"
- Previous message: Daniel Angelucci: "Re: users locked out spontaneously..."
- In reply to: Michael Buchardt: "IPSec auditing"
- Next in thread: Eric Fitzgerald [MS]: "Re: IPSec auditing"
- Reply: Eric Fitzgerald [MS]: "Re: IPSec auditing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
