Re: IPSec auditing

From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 10/31/02

Next message: Eric Fitzgerald [MS]: "Re: weird security logs"
Previous message: Eric Fitzgerald [MS]: "Re: SAM initialization error - The security ID structure is invalid. Error Status 0xc0000078"
In reply to: Daniel Angelucci: "Re: IPSec auditing"
Next in thread: Daniel Angelucci: "Re: IPSec auditing"
Reply: Daniel Angelucci: "Re: IPSec auditing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com>
Date: Thu, 31 Oct 2002 12:17:13 -0800

Why not share with the group? If you have some questions about auditing
I'll be glad to address them.

Eric

"Daniel Angelucci" <angelucc@nospam.duke.edu> wrote in message
news:3DC1367F.5070802@nospam.duke.edu...
> Let's see... a quick look at my log and auditing policy would suggest
> the following....
>
> Audit system events should be set to success, failure.
>
> I am glad to see someone else doing this. Could you email me privately?
> I have some experiences that I wanted to confirm.
>
> Thanks!
> Dan
>
> Michael Buchardt wrote:
> > Hi
> >
> > I am trying to audit the IPSec communication between two clients in
domain.
> >
> > When I ping one the client the first time I get informed that it is
> > negotiating IPSec and the second time I ping the echo reply comes
through.
> > Not problems there. If I startup isecmon.exe I can see that the traffic
is
> > encrypted.
> > I have turned on auding on both client machines (Logon events + object
> > access - failure and success). But I doesn´t get any event ID 541 which
> > should state successful establishment of an IPSec Security Association
(SA).
> > I have tryed all that I can think of - am I doing something wrong here?!
> >
> > Kind Regards
> >
> >
> > Michael Buchardt
> >
> >
>
>

Next message: Eric Fitzgerald [MS]: "Re: weird security logs"
Previous message: Eric Fitzgerald [MS]: "Re: SAM initialization error - The security ID structure is invalid. Error Status 0xc0000078"
In reply to: Daniel Angelucci: "Re: IPSec auditing"
Next in thread: Daniel Angelucci: "Re: IPSec auditing"
Reply: Daniel Angelucci: "Re: IPSec auditing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

IPSec auditing
... I am trying to audit the IPSec communication between two clients in domain. ... When I ping one the client the first time I get informed that it is ... negotiating IPSec and the second time I ping the echo reply comes through. ... I have turned on auding on both client machines (Logon events + object ...
(microsoft.public.win2000.security)
Re: IPSec auditing
... It's not the auditing; it's the whole implementation. ... Dan ... Eric Fitzgerald wrote: ... >>>negotiating IPSec and the second time I ping the echo reply comes ...
(microsoft.public.win2000.security)