SYSTEM ACTIVITY MONITORING

1 SYSTEM ACTIVITY MONITORING
Course Code: CSCI-620
Course Description: Operating Systems Security
Lecture 9, Session 2. Duration: min
Lecture Unit: CSN1
Topic: Windows system activity monitoring
Author: Prof. Bill Mihajlović
Introduction
Lecture 9.2. Copyright © R. A. Mihajlovic, Brooklyn, NY, USA, 2009. Reproduction in any shape or form is prohibited.

2 Topics
Windows Event Viewer (the slides also call it the event manager)
Inspecting events
Customizing the event data report
Objectives: use Event Viewer to inspect the system's log data; configure the Event Viewer GUI to report event data selectively; view log data.

3 Windows system event
In Microsoft Windows XP, an event is any occurrence that is potentially noteworthy to the direct user, to other users, to the operating system, or to an application.

4 The Event Manager utility
The event manager, which Windows itself names Event Viewer, displays and manages the system's internal event journal messages: the records written by the Event Log service.

5 Windows system activity logging
Windows system events are recorded by the Event Log service, and their history is preserved in three log files under %SystemRoot%\system32\config: Security (Secevent.evt), Application (Appevent.evt), and System (Sysevent.evt). Event Viewer, a Microsoft Management Console snap-in supplied with Windows XP, allows you to review, filter and archive these three event logs.

6 System activity auditing
Security events are recorded in the Security log, Secevent.evt. Monitoring security events is called security auditing. The Application and System logs (Appevent.evt, Sysevent.evt) record application events and system events, respectively; monitoring these is called system auditing.
The Security log only receives the categories enabled under Local Security Policy > Audit Policy (for example logon events or object access); if no category is enabled, the log stays empty. Because any administrator can clear the log, the logs are only as trustworthy as the host that holds them; clearing the Security log on XP itself writes event 517, "The audit log was cleared", so an auditor should treat that event, or a log that suddenly restarts, as a finding in its own right.

7 Control panel

8 Administrative tools

9 CLI shell command
Event Viewer can also be started from the command shell: running eventvwr.msc (or eventvwr) opens the same MMC snap-in that Control Panel > Administrative Tools > Event Viewer does.

10 Event log viewer: general sources of event messages

11 Specific sources of event messages
Event Log Viewer: message severity, specific sources of event messages, general sources of event messages.

12 Information event log line

13 Error event log line

14 Warning event log content

15 Inspecting event message content

16 Customized report view

17 Customized report view

18 Custom view & filter logs options
The report screen can be customized. In Event Viewer, View > Filter narrows a log to selected event types (Information, Warning, Error, Success Audit, Failure Audit), event source, category, event ID, user, computer and date range, and View > Add/Remove Columns chooses which fields are shown. A filter only changes what is displayed; the .evt file itself is untouched.
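The same filtering that slides 6 and 18 describe through the Event Viewer GUI can be scripted from the shell, which is how an auditor would check a whole fleet rather than one screen at a time. The following is an added example, not code from the lecture. It assumes Windows Vista or later with Windows PowerShell, where Get-WinEvent exists and failed logons and log clearing are events 4625 and 1102; on the Windows XP systems the lecture shows, the equivalent events are 529 and 517 and the cmdlet is Get-EventLog -LogName Security -InstanceId 529. It also assumes the audit policy records logon events and that the script runs from an elevated prompt, since the Security log is readable only by administrators and members of the Event Log Readers group. The parameter names, threshold and look-back window are this example's own choices.

```powershell
# Added example (not part of the lecture): summarize failed logons and
# detect log clearing in the Security log from the shell.
# Assumes Windows Vista+ and Windows PowerShell (Get-WinEvent, IDs 4625/1102);
# on XP use Get-EventLog and IDs 529/517 instead.
param(
    [int]$Hours = 24,       # look-back window (assumed default)
    [int]$Threshold = 5     # failed logons per account before flagging (assumed)
)

$since = (Get-Date).AddHours(-$Hours)

# 4625 = "An account failed to log on"; 1102 = "The audit log was cleared".
# -ErrorAction SilentlyContinue suppresses the error Get-WinEvent raises
# when a filter matches no events at all.
$failed = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

$cleared = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 1102
    StartTime = $since
} -ErrorAction SilentlyContinue

# Read the structured EventData fields from each event's XML rather than
# parsing the localized message text, so the script works on any locale.
$rows = foreach ($e in $failed) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Account = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
        Source  = $d['IpAddress']
        Status  = $d['Status']     # e.g. 0xC000006D = bad user name or password
        Logon   = $d['LogonType']  # 2 interactive, 3 network, 10 remote desktop
    }
}

"Failed logons in the last $Hours h: $($rows.Count)"

# Accounts with repeated failures: the shell equivalent of View > Filter
# on Failure Audit events, then grouping by user.
$rows | Group-Object Account | Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# A cleared Security log is itself a security event worth reporting.
if ($cleared) {
    Write-Warning ("Security log was cleared {0} time(s); most recent at {1}" -f `
        $cleared.Count, ($cleared | Select-Object -First 1).TimeCreated)
}
```

Save the block as a .ps1 file and run it as `.\Show-FailedLogons.ps1 -Hours 48 -Threshold 3` (the file name is arbitrary). Reading the fields from the event XML instead of the message text is the design choice to copy: message strings are localized and can change between service packs, while the EventData element names stay stable.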

19 Homework
Write a short paper, with screenshots, on Windows log files and on customizing Windows event management reports.

20 Homework
Comment on six lines of a typical /etc/syslog.conf file.

21 Homework
Test the m4 macro processor on dynamic configuration code in the /etc/syslog.conf file.

22 Homework
Install Linux in your free Google Cloud account and start learning Linux commands (for the final exam) and shell scripting.

23 The End

