Security Forums

Analyzing event logs

dfresh
Just Arrived
Joined: 07 Oct 2008

Posted: Thu Oct 30, 2008 7:05 pm    Post subject: Analyzing event logs

I did a search for "Analyzing event logs" on this site but nothing really came up. I'm looking for any links or whitepapers that can give me the best way to go about reviewing these log files. Specifically the security logs.

Thanks
ryansutton
Trusted SF Member
Joined: 25 Aug 2004
Location: San Francisco, California

Posted: Fri Oct 31, 2008 4:36 pm

I generally start by going to http://www.eventid.net/ and punching in the log information. If I can't find what I need there I will Google the error message and look for more information.

If I am working on a server I tend to be more picky when researching a problem. I try to find an answer within the Technet forums, as the MS support team often directly answers questions there. Additionally, you can often find MS KB articles for specific event log problems; these are usually trustworthy.
graycat
SF Mod
Joined: 29 Apr 2005
Location: London, UK

Posted: Fri Oct 31, 2008 4:56 pm

+1 for what Ryan says ..... even if he's got a strange avatar now. Just wth is that, Mr S?!

Personally, if I'm wading through an event log I'll first filter the view so I'm only seeing the warnings and errors, then work through them. Google or the search engine of your choice is always a really good place to start and will pick up most sites such as EventID.net, Experts-Exchange, MS's own articles or even that cracking site called SFDC.

IMO EventID is worth the subscription for a business, as is Experts-Exchange, especially as you only need one account for everyone.

I'm not sure what to recommend beyond that, other than getting stuck in there and tracking the errors down. Simply by doing that regularly you'll start to get a feel for what's what and pick the important things from the not so important ones.

The fun really starts when you're pulling all the event logs together from multiple servers and viewing them time-synced so you can get an overall view of your network.
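graycat's workflow above, filtering the view down to warnings and errors and then lining up logs from several servers on one clock, as an added Python example (not code from this thread). It assumes each server's log was exported to CSV with Event Viewer's column names and that each server's UTC offset is known; the server names, offsets and events are constructed sample data.

```python
import csv
import io
from datetime import datetime, timezone, timedelta

# Constructed sample exports (not real logs): one CSV per server, in the shape
# Event Viewer's "Save As CSV" produces. Each server wrote timestamps in its own
# local zone, so the UTC offsets below are assumptions used to line them up.
EXPORTS = {
    # server name: (UTC offset in hours, CSV text)
    "web01": (+2, """Level,Date and Time,Source,Event ID,Task Category
Information,10/31/2008 4:30:00 PM,Service Control Manager,7036,None
Error,10/31/2008 4:36:10 PM,Microsoft-Windows-Security-Auditing,4625,Logon
Warning,10/31/2008 4:40:05 PM,W32Time,36,None
"""),
    "dc01": (0, """Level,Date and Time,Source,Event ID,Task Category
Error,10/31/2008 2:36:12 PM,Microsoft-Windows-Security-Auditing,4625,Logon
Information,10/31/2008 2:36:30 PM,Microsoft-Windows-Security-Auditing,4624,Logon
Error,10/31/2008 2:55:00 PM,Microsoft-Windows-Security-Auditing,4625,Logon
"""),
}

# The levels graycat keeps after filtering the view; Critical added for Vista+/2008 logs.
KEEP_LEVELS = {"Error", "Warning", "Critical"}

def parse_export(server, utc_offset_hours, csv_text):
    """Parse one server's CSV export; add a UTC-normalised timestamp and the server name."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        local = datetime.strptime(row["Date and Time"], "%m/%d/%Y %I:%M:%S %p")
        row["utc"] = local.replace(tzinfo=tz).astimezone(timezone.utc)
        row["Computer"] = server
        rows.append(row)
    return rows

def merged_timeline(exports, levels=KEEP_LEVELS):
    """Combine every server's export, keep only the chosen levels, sort by UTC time."""
    events = []
    for server, (offset, text) in exports.items():
        events.extend(r for r in parse_export(server, offset, text) if r["Level"] in levels)
    return sorted(events, key=lambda r: r["utc"])

if __name__ == "__main__":
    # One time-synced view across both servers: the two 4625 failures land 2 s apart.
    for e in merged_timeline(EXPORTS):
        print(e["utc"].strftime("%Y-%m-%d %H:%M:%SZ"), e["Computer"], e["Level"],
              e["Event ID"], e["Source"])
```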
ryansutton
Trusted SF Member
Joined: 25 Aug 2004
Location: San Francisco, California

Posted: Fri Oct 31, 2008 5:04 pm

graycat wrote:
+1 for what Ryan says ..... even if he's got a strange avatar now. Just wth is that, Mr S?!

The main character from one of my favorite childhood video games, Metroid.