Event Log and Event ID Research
eventlogs.com

The Event Log and Today's Enterprise
Within today's security-conscious IT environment, the event log plays an increasingly vital role in securing Windows networks. Because the different log types record so much of what happens on a network, the event log files can serve several roles:

  • Serve as real-time indicators of actions and incidents taking place on the network

  • Establish a history of incidents leading up to network phenomena

  • Establish an audit trail for user activity, both internal and external

Because the event log holds the most basic record of every action or incident that occurs on a network (and of every attempt to get into it), event log files provide the most valuable information a CIO, CTO, CSO or other network professional could want about the health and security of his or her network. Unfortunately, most enterprises do not give the event log the attention it deserves, for several possible reasons:

  • There is no additional cost in "turning on" the logging for a Windows network. Therefore, the event log is often taken for granted as just another part of a Windows OS - just another option in a GUI menu.

  • Other investments are made in "security" related software and hardware, such as IDS solutions, mostly marketed as slick solutions to thwart external threats such as hackers, worms, and viruses. Meanwhile, a cost-effective record of the network's own symptoms, covering the more mundane and more likely problems, goes underutilized.

  • The mass of event log data is difficult to manage and filter through to uncover the data that is most desired. Therefore, other tasks take priority, and the small amount of work that could be done to automate log management and maintenance for both short- and long-term results is neglected. Meanwhile, log files pile up daily and warnings of network crises go unheeded.
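As an added example (not code from eventlogs.com), here is the kind of small automation the last point refers to: a PowerShell script that pulls failed-logon events (Security event ID 4625) from the last 24 hours, summarises them per account and source address as a quick indicator of what is happening now, and archives the raw records to a dated CSV so they survive the log's rollover and remain available for later audit. The 24-hour window and the archive path are assumptions; the script must run in an elevated session, since reading the Security log requires administrator rights.

```powershell
# Added example: pull the last day's failed logons from the Security log,
# summarise them, and archive the raw records. Requires an elevated session.
$since      = (Get-Date).AddDays(-1)   # assumed window: the last 24 hours
$archiveDir = 'C:\LogArchive'          # assumed archive location

# Event ID 4625 = "An account failed to log on" in the Windows Security log.
# FilterHashtable pushes the filter into the log service, which is far faster
# than reading every record and filtering in PowerShell.
$failed = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue   # Get-WinEvent raises an error when nothing matches

if (-not $failed) {
    Write-Output "No failed logons since $since."
    return
}

# Each 4625 event carries the target account and source address in its
# EventData; read them from the event XML rather than parsing the message text.
$rows = foreach ($e in $failed) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Account = $data['TargetUserName']
        Domain  = $data['TargetDomainName']
        Source  = $data['IpAddress']
        Status  = $data['Status']       # NTSTATUS code explaining the failure
    }
}

# Real-time indicator: which account/source pairs are failing most right now?
$rows | Group-Object Account, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 |
    Format-Table -AutoSize

# Audit trail: keep the raw records in a dated CSV for later review, so the
# history is not lost when the Security log wraps.
New-Item -ItemType Directory -Path $archiveDir -Force | Out-Null
$csv = Join-Path $archiveDir ("failed-logons-{0:yyyyMMdd}.csv" -f (Get-Date))
$rows | Export-Csv -Path $csv -NoTypeInformation
Write-Output "Archived $($rows.Count) failed-logon records to $csv"
```

Scheduling this script as a daily task gives both the monitoring and the retention the page describes with no additional tooling; the same pattern applies to any other event ID by changing the `Id` value and the fields extracted from `EventData`.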

A number of leading companies and public agencies, though, are beginning to see the importance of utilizing and maintaining the event log. It is now common to find that organizations require daily monitoring of the event log as well as storage of five and sometimes seven years' worth of logs for future review.

For more information on strategies in event log management, take a look at our Strategies section.


Other resources:

Microsoft TechNet Security Center
Provided by Microsoft; offers information on securing Windows networks and on potential uses of the event log in that context.

eventlogs.blogspot.com
See things through the eyes of the development department in a leading SEM / SIEM software firm and keep up on the complexities of the Windows Event Log and eventing.