Re: Sucsss Audit - have I been hacked ?
From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 08/28/04
- Next message: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Previous message: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- In reply to:(deleted message) Jay B: "Sucsss Audit - have I been hacked ?"
- Next in thread: Steven L Umbach: "Re: Sucsss Audit - have I been hacked ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Aug 2004 20:43:54 -0400
Jay B wrote:
> I'm a security neophyte... I need some advice here as to whether I
> found something bad in the Security Log.
>
> My server was in a location where it was not physically secure.
> When I got back to it today, I took a look in the Event Logs to see
> what might have been happening while I was gone. In the Security Log
> I found only _one_ event "Success Audit". What worries me is that
> the detail shows "The audit log was cleared"... the event ran
> as primary user "System", client user "administrator".
>
> Is this a "normal" event? I admit to know nothing at all about
> security audit process. Does this indicate that the audit log was
> manually cleared by someone or is it the normal output of the
> system audit process ?
Someone manually cleared it. This does not happen on its own.
>
> Thanks,
> Jay
- Next message: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Previous message: Colin Nash [MVP]: "Re: Sucsss Audit - have I been hacked ?"
- In reply to:(deleted message) Jay B: "Sucsss Audit - have I been hacked ?"
- Next in thread: Steven L Umbach: "Re: Sucsss Audit - have I been hacked ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
