Re: security event logs in DC as well ? SOS
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 4 May 2006 14:40:06 -0500
I don't know how you are seeing duplicate events because what is recorded in
the security log is what is happening on that computer. For instance when
auditing of logon events is enabled on a computer it will show when a
computer/user attempts to access the computer either via interactive logon
or via network share such as type 3 logon. These events would not be
recorded on a domain controller. You might however see an "account logon"
event recorded on a domain controller at the sane time as you see a logon
event on a domain computer because the user is authenticating to the domain
controller. You would not however see hack attempts on the domain computer
for " local" user accounts such as the built in administrator account in the
security log of a domain controller as account logon attempts. They would
only show in the security log of the domain computer. -- Steve
"Simo Sentissi" <msentissi@xxxxxxxxxxxx> wrote in message
news:er7Ui3vbGHA.5116@xxxxxxxxxxxxxxxxxxxxxxx
hello there
I am shipping all the security and application event log from servers to a
log agregation tool and i see some duplication of events from both the
domain controlers and the normal machines.
I am wondering if I even should ship the security evetn logs to the tool
if i am already shipping the security evetns from the DCs?
I have tons of duplications anybody knows ?
any ideas ? am I missing somethings ?
.
- References:
- security event logs in DC as well ? SOS
- From: Simo Sentissi
- security event logs in DC as well ? SOS
- Prev by Date: Re: Security bug in terminal services?
- Next by Date: Re: Security bug in terminal services?
- Previous by thread: security event logs in DC as well ? SOS
- Next by thread: Security bug in terminal services?
- Index(es):
Relevant Pages
|
