ComSec
Scan your security event log online

Check for high security events happening on your machine, such as users logging on to your machine, accesses to important files on your machine, failed logon attempts, security policy changes to your machine, and more! Use EventLogScan to check that your system is truly secure!

How it works

EventLogScan will install an ActiveX control on your machine and analyse all the events in your security event log. After the analysis, it will present you with an HTML report (sample) with all the critical, high and medium security events found and a brief explanation of each. To perform the scan, you must download the ActiveX control to your machine. You will be prompted to download the EventLogScan Service ActiveX Control. Select "Yes" to download and start the test.

Requirements for the test

Windows NT, 2000 or XP as operating system. **Not** Windows 9X or ME! How to check your OS version? Type at the run command: winver

Auditing must be switched on. How to check if auditing is switched on & how to switch it on

You must have rights and privileges to access the security log on your machine. How to check whether you can access the security log

Internet Explorer 4 or later with the Internet security settings set to Medium. How to check/set your IE settings


Legal information

QUOTE
The information found in this test is not retained or sold in any way by WindowSecurity.com. Warning: By clicking the "Scan my event logs!" button, you agree to let EventLogScan scan your security event logs and you also agree to hold WindowSecurity.com blameless and free of any liability for anything that happens as a result of the event log scan.
dw-chow
That seems useful to administrators on the go, but how would one do it independently, without the need to use a 3rd party server [other than to set up their own IDS or something of that nature]?
Bedosman
Thx ComSec for this tool, I think it will help me track some strange events that have been running on my PC this last week, e.g. my tftp.exe runs itself... Maybe I was hacked, but with this I could analyse what my computer is doing... ;:)

Thx
dlproof
To scan your event logs without 3rd party programs (XP only): go to Control Panel, then Administrative Tools, then Event Viewer. Click on the Security tab and then it will show you your security logs.
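
A local alternative to the hosted scan, added here as an example and not part of any post in this thread: a PowerShell function that summarises selected Security log events with Get-WinEvent. It assumes a current Windows version with PowerShell (not NT/2000/XP); the function name, the watched event IDs and the severity labels are choices made for this example.

```powershell
# Added example. Run from an elevated prompt: reading the Security log
# needs administrator rights or membership of "Event Log Readers".

# Event IDs used by Windows Vista / Server 2008 and later.
# Severity labels are this example's own choice, not EventLogScan's.
$Watch = @{
    1102 = @{ Severity = 'Critical'; Text = 'Audit log was cleared' }
    4719 = @{ Severity = 'Critical'; Text = 'System audit policy was changed' }
    4720 = @{ Severity = 'High';     Text = 'User account was created' }
    4625 = @{ Severity = 'High';     Text = 'Failed logon' }
    4624 = @{ Severity = 'Medium';   Text = 'Successful logon' }
}
$Order = 'Critical', 'High', 'Medium'

function Get-SecurityLogSummary {
    param([int]$Days = 7, [int]$MaxEvents = 5000)

    $filter = @{
        LogName   = 'Security'
        Id        = [int[]]@($Watch.Keys)
        StartTime = (Get-Date).AddDays(-$Days)
    }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Raised when access is denied, and also when nothing matches
        # (for example because auditing is switched off).
        Write-Warning "Could not read events: $($_.Exception.Message)"
        return
    }

    # One row per event ID, most severe first.
    $events | Group-Object Id | ForEach-Object {
        $info = $Watch[[int]$_.Name]
        [pscustomobject]@{
            Severity = $info.Severity
            EventId  = [int]$_.Name
            Meaning  = $info.Text
            Count    = $_.Count
            Latest   = ($_.Group | Sort-Object TimeCreated -Descending |
                        Select-Object -First 1).TimeCreated
        }
    } | Sort-Object { [array]::IndexOf($Order, $_.Severity) }, EventId
}

Get-SecurityLogSummary -Days 7 | Format-Table -AutoSize
```

A burst of 4625 rows followed by a 4624, or any 1102 or 4719 entry you did not cause yourself, is the kind of result worth opening in Event Viewer for the full record.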
go0x
nice site.

...if you are really paranoid you could implement the syslog protocol in m$ windows or install snort.
myth
On the topic of Event Viewer,

www.eventid.net

Use that site when you have an error in your event log and you don't know what it is, what caused it, etc. Just get the Event ID and type it into the input box on eventid.net's front page.