Monday, June 04, 2007

Some Fun Stuff About Windows Event Logs

It also draws this neat, but a little confusing, distinction:

"Auditing is indispensable for security-related monitoring of any server-based application, from e-mail servers to databases to Web servers. In today's security-conscious environments, a reliable audit trail is a valuable forensic tool and often a legal requirement for certain industries. For example, regulations such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) require audit trails for certain systems, applications, and data. The Windows Server™ 2003 operating system provides features that let you enable a wide range of applications to make use of auditing functionality.

Auditing is, in many ways, similar to the well-known Windows® event logs. Despite the apparent similarity, there are important differences between auditing and event logs.

First, the APIs used for generating audits are new for Windows Server 2003 and are entirely separate from the APIs used for event logging.

Second, from a security standpoint, audit logs are uniquely suitable to tasks requiring tight control over who can generate and read the logs."
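The second point, the tight control over who can write and read audit records, is visible in the access control list on each log channel. The following PowerShell script is an added example (it is not from the original post or from the quoted Microsoft article); it assumes a Windows version with the Vista-era event log service, PowerShell 5.1 or later, and an elevated session, and it reads the meaning of the access-mask bits (0x1 Read, 0x2 Write, 0x4 Clear) from Microsoft's event log channel permission documentation.

```powershell
# Added example, not code from the original post or the quoted article.
# Lists which principals may Read / Write / Clear the three classic logs,
# parsed from each channel's security descriptor (SDDL).
# Assumes Vista+ event log service, PowerShell 5.1+, elevated session.
# Access-mask bits per Microsoft's channel permission docs:
#   0x1 = Read, 0x2 = Write, 0x4 = Clear.

$rights = [ordered]@{ Read = 0x1; Write = 0x2; Clear = 0x4 }

function Get-EventLogChannelAccess {
    param([Parameter(Mandatory)][string]$LogName)

    # EventLogConfiguration exposes the channel's SDDL string directly.
    $cfg  = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    $sddl = $cfg.SecurityDescriptor
    $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only CommonAce entries carry a SID plus an access mask; skip others.
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }

        try {
            $who = $ace.SecurityIdentifier.Translate(
                       [System.Security.Principal.NTAccount]).Value
        } catch {
            $who = $ace.SecurityIdentifier.Value   # unresolvable SID: show it raw
        }

        # Collect the human-readable rights present in this ACE's mask.
        $granted = foreach ($r in $rights.Keys) {
            if ($ace.AccessMask -band $rights[$r]) { $r }
        }

        [pscustomobject]@{
            Log       = $LogName
            Type      = $ace.AceType
            Principal = $who
            Mask      = ('0x{0:X}' -f $ace.AccessMask)
            Rights    = ($granted -join ',')
        }
    }
}

'Security', 'Application', 'System' |
    ForEach-Object { Get-EventLogChannelAccess -LogName $_ } |
    Format-Table -AutoSize
```

Compare the rows for Security with those for Application and System: on a default installation the Security channel grants Read (and Clear to SYSTEM and Administrators) but no ACE carries the Write bit, because audit records reach that log only through the Local Security Authority's audit path rather than the ordinary event-reporting API; the Application log, by contrast, grants Write to ordinary interactive and service accounts. Any extra principal showing up with Read or Clear on Security is worth a look in a review of who can see or erase the audit trail.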

Dr Anton Chuvakin