Analyzing event logs

Networking/Security Forums -> Computer Forensics and Incident Response

Author: dfresh  Posted: Thu Oct 30, 2008 7:05 pm    Post subject: Analyzing event logs
    ----
I did a search for "Analyzing event logs" on this site but nothing really came up. I'm looking for any links or whitepapers that can give me the best way to go about reviewing these log files, specifically the security logs.

Thanks

Author: ryansutton  Location: San Francisco, California  Posted: Fri Oct 31, 2008 4:36 pm    Post subject:
    ----
I generally start by going to http://www.eventid.net/ and punching in the log information. If I can't find what I need there I will Google the error message and look for more information.

If I am working on a server I tend to be more picky when researching a problem. I try to find an answer within the Technet forums, as the MS support team often directly answers questions there. Additionally, you can often find MS KB articles for specific event log problems; these are usually trustworthy.

Author: graycat  Location: London, UK  Posted: Fri Oct 31, 2008 4:56 pm    Post subject:
    ----
+1 for what Ryan says ..... even if he's got a strange avatar now. Just wth is that, Mr S?!

Personally, if I'm wading through an event log I'll first filter the view so I'm only seeing the warnings and errors, then work through them. Google or the search engine of your choice is always a really good place to start and will pick up most sites such as EventID.net, Experts-Exchange, MS's own articles or even that cracking site called SFDC.

IMO EventID is worth the subscription for a business, as is Experts-Exchange, especially as you only need one account for everyone.

I'm not sure what to recommend beyond that other than get stuck in there and track the errors down. Simply by doing that regularly you'll start to get a feel for what's what and pick the important things from the not so important ones.

The fun really starts getting going when you're pulling all the event logs together from multiple servers and viewing them time sync'd, so you can get an overall view of your network.
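The two steps graycat describes (filter the view down to warnings and errors, then pull the logs from several servers into one time-synced view) as an added PowerShell example; this is not code from the thread. It assumes remote event log access to the placeholder hosts `srv01` and `srv02` and an account that can read the Security log.

```powershell
# Added example, not from the thread. Assumes remote event log access (RPC/WinRM)
# to the placeholder hosts below and an account that can read the Security log.
$Servers = @('srv01', 'srv02')        # placeholder host names, replace with your own
$Since   = (Get-Date).AddHours(-24)

# Application/System: Level 2 = Error, 3 = Warning (the "filter the view" step).
$sysFilter = @{ LogName = 'System','Application'; Level = 2,3; StartTime = $Since }

# Caveat for the Security log: every event there is logged as Information, so a
# Level filter returns nothing. The useful split is the Audit Failure keyword.
$AuditFailure = [long]0x10000000000000
$secFilter = @{ LogName = 'Security'; Keywords = $AuditFailure; StartTime = $Since }

$all = foreach ($s in $Servers) {
    foreach ($f in @($sysFilter, $secFilter)) {
        try {
            Get-WinEvent -ComputerName $s -FilterHashtable $f -ErrorAction Stop |
                Select-Object @{n='Host';    e={ $s }},
                              # Normalise to UTC so per-server time zones or clock
                              # offsets do not reorder the merged view.
                              @{n='TimeUtc'; e={ $_.TimeCreated.ToUniversalTime() }},
                              LogName, Id, LevelDisplayName, ProviderName,
                              @{n='Message'; e={ ($_.Message -split "`n")[0] }}
        } catch {
            # Get-WinEvent throws when a filter matches no events; that is not an error here.
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$s : $($_.Exception.Message)"
            }
        }
    }
}

# One time-ordered view across all hosts (the "time sync'd" step).
$all | Sort-Object TimeUtc | Format-Table Host, TimeUtc, LogName, Id, LevelDisplayName, Message -AutoSize

# Which Event IDs dominate on which host: a starting list for the "track them down" step.
$all | Group-Object Host, Id | Sort-Object Count -Descending | Select-Object Count, Name -First 20
```

The Event ID counts at the end give you the list to look up on eventid.net or in the KB, as suggested earlier in the thread.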

Author: ryansutton  Location: San Francisco, California  Posted: Fri Oct 31, 2008 5:04 pm    Post subject:
    ----
graycat wrote:
> +1 for what Ryan says ..... even if he's got a strange avatar now. Just wth is that, Mr S?!

The main character from one of my favorite childhood video games, Metroid.