Windows Security Logging and Other Esoterica

thoughts from the Windows auditing team

Good List of Regulatory Requirements for Logging


My friend Dr. Tina Bird has put together a good list of regulatory requirements that pertain to logging and log retention.

Comments
  • Sorry, this is unrelated and depends on technical support.

    I want to know if you could link in a future post to event logging support resources (newsgroup, FAQs, etc.).

    I'm encountering system event log corruption and I want to obtain help, information and support for it.

    Regards,

  • Hey Sebastian,

    I have a post on my sources here:

    http://blogs.msdn.com/ericfitz/archive/2007/02/06/where-do-i-get-my-information-on-windows-auditing.aspx

    But our main support page is here:

    http://support.microsoft.com/

    The main support page has links to our faqs, knowledge base, and our communities site, which in turn has our newsgroups, etc.

    Best regards,

    Eric

  • Thanks for those.

    I read them already but haven't found any topics regarding log integrity.

    I keep on searching.

  • Here you go:

    http://support.microsoft.com/kb/172156

    There are a couple of bugs that resulted in an erroneous corrupt event log file message; you can find these in the Knowledge Base, but they are older issues on Windows 2000 and Windows XP and if you're running recent service packs then those are probably not your problem.

    The event log team does not publish the evt file format specification so there is not much else you can do except delete the log files (or move them elsewhere).  You could examine them with a hex editor I suppose, but since they're in a binary format they're not very readable.
