Sucsss Audit - have I been hacked ?
From: Jay B (hidden_at_noemail.com)
Date: 08/28/04
- Next message: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- Previous message: adam: "Re: Windows 2000 Server IIS 6.0"
- Next in thread: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- Reply: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- Reply:(deleted message) Lanwench [MVP - Exchange]: "Re: Sucsss Audit - have I been hacked ?"
- Reply:(deleted message) Steven L Umbach: "Re: Sucsss Audit - have I been hacked ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 Aug 2004 00:17:07 GMT
I'm a security neophyte... I need some advice here as to whether I
found something bad in the Security Log.
My server was in a location where it was not physically secure.
When I got back to it today, I took a look in the Event Logs to see
what might have been happening while I was gone. In the Security Log
I found only _one_ event "Success Audit". What worries me is that
the detail shows "The audit log was cleared"... the event ran
as primary user "System", client user "administrator".
Is this a "normal" event? I admit to know nothing at all about
security audit process. Does this indicate that the audit log was
manually cleared by someone or is it the normal output of the
system audit process ?
Thanks,
Jay
- Next message: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- Previous message: adam: "Re: Windows 2000 Server IIS 6.0"
- Next in thread: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- Reply: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- Reply:(deleted message) Lanwench [MVP - Exchange]: "Re: Sucsss Audit - have I been hacked ?"
- Reply:(deleted message) Steven L Umbach: "Re: Sucsss Audit - have I been hacked ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
