SYSTEM ACTIVITY MONITORING

Presentation transcript:

SYSTEM ACTIVITY MONITORING. Course Code: CSCI-620. Course Description: OPERATING SYSTEMS SECURITY. Lecture 9, Session 2. Duration: 120 min. Lecture Unit: CSN1. Topic: Windows system activity monitoring. Author: Prof. Bill Mihajlović. Introduction, Lecture 9.2. Copyright © R. A. Mihajlovic, Brooklyn, NY, USA, 2009. Reproduction in any shape or form is prohibited.

Topics:
- Windows systems event manager
- Inspecting events
- Customizing event data reports
- Using the Windows event manager to inspect system log data
- Configuring the event manager reporting GUI utility to selectively report event data
- Viewing log data

Windows system event: In Microsoft Windows XP, an event is any occurrence that is potentially noteworthy to the current user, to other users, to the operating system, or to an application.

The Event Manager utility: Event Manager manages the system's internal event-related journal (log) messages.

Windows system activity logging: Windows system events are recorded by the Event Log service, and their history is preserved in three log files: Security (Secevent.evt), Application (Appevent.evt), and System (Sysevent.evt). Event Viewer, a Microsoft Management Console snap-in supplied with Windows XP, allows you to review and archive these three event logs.

System activity auditing: Security events are recorded in the Security log, Secevent.evt. Monitoring security events is called security auditing. The Application and System logs (Appevent.evt, Sysevent.evt) record application events and system events, respectively. Monitoring these events is called systems auditing.

Control panel

Administrative tools

CLI shell command: Event Viewer may also be started from the CLI command shell.

Event log viewer: general sources of event messages.

Event Log Viewer: message severity; specific sources of event messages; general sources of event messages.

Information event log line

Error event log line

Warning event log content

Inspecting event message content

Customized report view

Custom view & filter logs options: the report screen can be customized by defining custom views and filtering the logs.
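The three-log layout and security auditing described on the earlier slides, and the custom view and filter options on this one, can also be driven from the command line. The following is an added example for this transcript, not code from the lecture or from Microsoft's documentation. It assumes Windows PowerShell (5.1 or earlier, where Get-EventLog reads the classic Application, Security and System logs), an elevated prompt (required to read the Security log), and the output path shown; the 24-hour cutoff and the record counts are arbitrary choices.

```powershell
# Added example (not from the lecture): inspect the three classic Windows
# event logs and build a filtered "custom view" from the shell.
# Assumes Windows PowerShell 5.1 or earlier (Get-EventLog is absent from
# PowerShell 7) and an elevated prompt, which reading the Security log requires.

# 1. The three logs the lecture names, with entry counts and retention settings.
Get-EventLog -List |
    Where-Object { 'Application', 'Security', 'System' -contains $_.Log } |
    Select-Object Log,
                  @{ Name = 'Entries'; Expression = { $_.Entries.Count } },
                  MaximumKilobytes,
                  OverflowAction

# 2. Security auditing: records in the Security log carry the severities
#    SuccessAudit and FailureAudit instead of Information/Warning/Error.
#    Summarise the newest 500 records by severity (EntryType).
Get-EventLog -LogName Security -Newest 500 |
    Group-Object EntryType |
    Select-Object Name, Count

# 3. Custom view: Error and Warning records from the System log in the last
#    24 hours (arbitrary cutoff), narrowed to the fields a report needs,
#    displayed, and saved as CSV (arbitrary output path).
$since = (Get-Date).AddDays(-1)
$view  = Get-EventLog -LogName System -EntryType Error, Warning -After $since |
    Select-Object TimeGenerated, EntryType, Source, EventID, Message

$view | Sort-Object TimeGenerated -Descending | Format-Table -AutoSize
$view | Export-Csv -Path (Join-Path $env:USERPROFILE 'system-errors-24h.csv') -NoTypeInformation

# 4. Failed-audit records per source: which components are generating
#    audit failures in the newest 1000 Security records.
Get-EventLog -LogName Security -EntryType FailureAudit -Newest 1000 |
    Group-Object Source |
    Sort-Object Count -Descending |
    Select-Object Name, Count
```

Run it from an elevated Windows PowerShell prompt. On current Windows versions Get-WinEvent is the replacement for Get-EventLog and also reads the newer .evtx logs, and the Event Viewer GUI shown on the slides can be opened from the same prompt with eventvwr.msc.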

Homework: Write a short paper with screenshots on Windows log files and on customizing Windows event management reports.

Homework: Comment 6 lines in the typical /etc/syslog.conf file.

Homework: Test the m4 macro processor on dynamic configuration code in the /etc/syslog.conf file.

Homework: Install Linux in your free Google Cloud account and start learning Linux commands and shell scripting (for the final exam).

The End