Windows Security Logging and Other Esoterica

thoughts from the Windows auditing team

Tagged Content List
  • Blog Post: ACS Event Retention Mechanism

    I get a lot of questions about how ACS event retention works. So here you go, I'm blogging it so I can just answer with a link :-) There are two DWORD registry values which affect backlog transmission. Both are on the collector machine under HKLM\System\CurrentControlSet\Services\AdtServer\Parameters...
  • Blog Post: ACS' first bug from being too performant

    We got several reports recently of a bug in ACS that certain DS Access events, primarily for dnsNode and dnsZone objects, don't properly get looked up. Some background: the event log in Windows prefers to log invariants such as message IDs, parameter message IDs, SIDs (security IDs which represent...
  • Blog Post: ACS Event Transformation Demystified

    I've decided to start dumping my knowledge of ACS for posterity's sake. My first installment is here, and it's an excerpt from an external email I put together which describes how event transformation works on ACS. Transformation is performed on the agent (using instructions provided at connect...