RE: Auditing logins via w3svc
From: Sandy Wood (sandy.wood@da.ocgov.com)
Date: 12/19/02
- Next message: terry: "Re: Certificate server should or shouldn't"
- Previous message: Keith W. McCammon: "Re: Port 139 closed... what else?"
- In reply to: Jeff Qiu: "RE: Auditing logins via w3svc"
- Next in thread: Jeff Qiu: "RE: Auditing logins via w3svc"
- Reply: Jeff Qiu: "RE: Auditing logins via w3svc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Sandy Wood" <sandy.wood@da.ocgov.com> Date: Thu, 19 Dec 2002 10:26:35 -0800
here's my system.evt
thanks for the help!
>-----Original Message-----
>Hi Sandy,
>
>I am glad to do some further research for you.
>
>Please post a complete error log that has the W3SVC
source from the system
>log for our further research.
>
>Regards,
>
>Jeff Qiu
>jefffqiu@online.microsoft.com
>Online Support Professional
>Microsoft Corporation
>
>This posting is provided Ħ°AS ISĦħ with no warranties,
and confers no
>rights.
>
>--------------------
>>Content-Class: urn:content-classes:message
>>From: "Sandy Wood" <sandy.wood@da.ocgov.com>
>>Sender: "Sandy Wood" <sandy.wood@da.ocgov.com>
>>References: <04eb01c2a5f2$91d99660
$89f82ecf@TK2MSFTNGXA01>
><xNz7IYmpCHA.2580@cpmsftngxa09>
>>Subject: RE: Auditing logins via w3svc
>>Date: Wed, 18 Dec 2002 08:35:57 -0800
>>microsoft.public.win2000.security
>>
>>My question isn't so much about iis, as about auditing
>>login attempts and where should we look and why. I'll
>>head over to iis, but wouldn't this newsgroup be able
to
>>answer at least part of my issue?
>>>-----Original Message-----
>>>Hi Sandy,
>>>
>>>Based on my research, this error source W3SVC is
related
>>to the IIS. To
>>>better audit that kind of failure, you may need to go
>>deeper into the IIS
>>>console and Snap-Ins.
>>>
>>>Please post this question in the
>>microsoft.public.inetserver.iis newsgroup.
>>>That newsgroup is primarily for issues involving all
IIS
>>related issues.
>>>We recommend posting appropriately so you will get the
>>most qualified pool
>>>of respondents, and so other partners who regularly
read
>>the newsgroups can
>>>either share their knowledge or learn from your
>>interaction with us.
>>>
>>>Regards,
>>>
>>>Jeff Qiu
>>>jefffqiu@online.microsoft.com
>>>Online Support Professional
>>>Microsoft Corporation
>>>
>>>This posting is provided Ħ°AS ISĦħ with no warranties,
>>and confers no
>>>rights.
>>>
>>>--------------------
>>>>Content-Class: urn:content-classes:message
>>>>From: "Sandy Wood" <sandy.wood@da.ocgov.com>
>>>>Sender: "Sandy Wood" <sandy.wood@da.ocgov.com>
>>>>Subject: Auditing logins via w3svc
>>>>Date: Tue, 17 Dec 2002 09:34:36 -0800
>>>>microsoft.public.win2000.security
>>>>
>>>>I've been trying to get a handle on auditing failed
and
>>>>successful logins to our web site that has Int. NT
>>>>security. I've enabled auditing in secpol.msc and
looks
>>>>like the Security log is filling up nicely. My
question
>>>>is that I also see failed attempts at login in the
>>System
>>>>log under the W3SVC source. What's the best way to
make
>>>>sure I catch and audit all the attempts and why
aren't
>>>>they all covered just under the Security Log?
>>>>
>>>
>>>.
>>>
>>
>
>.
>
- application/octet-stream attachment: system.evt
- Next message: terry: "Re: Certificate server should or shouldn't"
- Previous message: Keith W. McCammon: "Re: Port 139 closed... what else?"
- In reply to: Jeff Qiu: "RE: Auditing logins via w3svc"
- Next in thread: Jeff Qiu: "RE: Auditing logins via w3svc"
- Reply: Jeff Qiu: "RE: Auditing logins via w3svc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
