Browse by Tags

Windows Server 2008 Security Events Posted
16 April 08 11:09 PM | Eric Fitzgerald | 1 Comments   
Fadi, Ned and Brian of the auditing team have documented all the auditing events by audit policy category and subcategory for your reference. Check it out in the Knowledge Base. Even better, they documented all the events in spreadsheet format, and that's Read More...
Shameless Self-Promotion
05 March 08 12:47 PM | Eric Fitzgerald | 1 Comments   
There's one topic that I know is on everyone's mind - no, not American Idol - it's "What's new in Auditing in Windows Server 2008?" Well, funny that you brought that up. My friend Jesper Johansson just wrote a new book, the Windows Server 2008 Security Read More...
ACS Event Transformation Demystified
27 February 08 05:43 PM | Eric Fitzgerald | 1 Comments   
I've decided to start dumping my knowledge of ACS for posterity's sake. My first installment is here, and it's an excerpt from an external email I put together which describes how event transformation works on ACS. Transformation is performed on the agent Read More...
ACS Tidbits
01 February 08 05:04 PM | Eric Fitzgerald | 1 Comments   
Well there has been a lot happening on my old project, ACS (Audit Collection Services, a feature of System Center Operations Manager 2007). Two more of our partners, Enterprise Certified and NetPro, have released compliance solutions on top of ACS. Another Read More...
List of Windows Server 2003 Events
12 October 07 11:45 AM | Eric Fitzgerald | 1 Comments   
So a long time ago, back in my days of providing technical support for Windows NT 4.0, I published "Security Event Descriptions". This article was the "schema" so to speak, for the Windows NT 4.0 security event log events. Technically Windows events Read More...
Help! Someone has deleted events from my Windows event log!
10 August 07 03:59 PM | Eric Fitzgerald | 1 Comments   
From time to time I hear this, and it usually turns out not to be the case. I'll begin with a little background. First, the eventlog service does not have (and never did have) any public or private API to delete individual events - there is a log clear Read More...
Documentation on the Windows Vista and Windows Server 2008 Security Events
31 July 07 02:36 PM | Eric Fitzgerald | 2 Comments   
I'm hearing lots of complaints that we don't have KB articles on these yet. Doriansoft has a blog post complaining that the "add 4096" rule doesn't work because we collapsed the logon events into a single success event and failure event (from 2 success Read More...
Where do I get my information on Windows auditing?
06 February 07 02:12 PM | Eric Fitzgerald | 1 Comments   
You might want to know where I go to get my information on audit events and so forth. Mostly I go to the source code or one of our developers. For continuity-of-employment reasons I won't be posting a link to that here ;-) We have some old specs and some Read More...
What is up with Audit Collection Services?
09 November 05 12:37 PM | Eric Fitzgerald | 1 Comments   
A lot of you have been asking me to write about Audit Collection Services (ACS, which some of you might know as MACS). For those of you unfamiliar with ACS, it's a client-server application to collect, normalize and store large volumes of security event Read More...
Managed Code Developers: You no longer have an excuse!
30 September 05 10:51 AM | Eric Fitzgerald | 0 Comments   
One of my former teammates, Mark, designed and built a set of managed classes for generating audit from .NET applications (for example, consider a web service). His work is published in the latest issue of MSDN magazine. A lot of people aren't aware of Read More...
Yay! A fix for EventQuery
27 September 05 05:17 PM | Eric Fitzgerald | 0 Comments   
Those of us "in the know" :-) use eventquery.vbs to export events to a delimited file, and then use Excel to analyze the log - autofiltering rocks. Unfortunately if you have a large log, this doesn't work! Well, I finally used MSN Search to see if there Read More...