Comments on: Windows 2000 Server logs

By: happyard

happyard — Fri, 16 Sep 2005 05:25:16 +0000

Monitoring servers and users can be dangerous.
Be aware not to jump to conclusions!

I use SyslogServer (www.syslogserver.com) to monitor our servers.
I cost $49 in a Small Business edition. It has an agent you can install on the monitored servers. It can post the entries in your event logs to a dedicated syslog server. It can also post entries from almost anykind of logfile.

Best
Ole

By: aquaticous

aquaticous — Fri, 02 Sep 2005 08:29:36 +0000

Also, you may want to check out a few scripts from, http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx
. There should be some good Admin scripts here that can create some logs for you without having to tweak every good setting within the MSC. This will simplify, plus create exactly what you want. Hope this helps!

By: dargandk

dargandk — Thu, 01 Sep 2005 17:05:04 +0000

It is a two edge sword, an Admin would normally have all the powers to remove the tracks. If he knows what he is doing. But there are few things, which can be done

1- Log everything system events + application logs +keyboard taps to another system. Which is not controlled by the same admin group. there are plenty of syslog applications, even free one . Although good key loggers would cost you . Keep the logging system, logically separate than windows environment. I would prefer a Linux machine

2- For system partition create image backup , incremental using software like Norton Ghost. It takes long time, but in case something does go wrong. You can bring another system back in few minutes and do the forensic checks

Dharminder Dargan

By: howard2nd

howard2nd — Thu, 01 Sep 2005 08:41:41 +0000

A – Be sure the activities of interest are being monitored. By default only some actions are auditied, add those actions of interest.
B – Server logs (especially 2000) can inundate you with information. Event viewer has filtering capabilities for view but poor for export/save of files.
C – Microsoft knows this and has a ‘FREE’ tool called Log Parser (current vesion 2.2) comes with a comprehensive help (examples) and runs from the command line.

Before going to 3rd party applications try these to see if it meets your needs.
Good luck.