Copyright Goodheart-Willcox Co., Inc.

Chapter 3 Security Evaluation

When Event Viewer is first opened, the main screen provides a dashboard for quick analysis. Multiple logs from different machines can be forwarded to one combined log. Windows event logs are categorized by type, as shown in Figure 3-4. They include the following:

■ critical
■ error
■ warning
■ information
■ audit success
■ audit failure

With Event Viewer, other hosts can be set up to forward entire logs or specific events to a single source log, and you can back up your log data. A forwarded event log can be set up on a single machine so that events from the logs of other systems can be tracked there, as shown in Figure 3-5. To gather data, a subscription to events is created on a remote computer. Data from all events can be gathered or, as an alternative, the subscription can be customized and limited to specific events such as errors or warnings.

Logs in Linux distributions are stored in plaintext and found in the /var/log directory and its subdirectories. Linux maintains logs on many features, including the system, services, events, and applications. Logs can be read from the command line or in a text editor. Other log management tools can be used to collect, correlate, and view log data.

Figure 3-4 Event codes in Windows are classified by type that indicates their potential severity. (Goodheart-Willcox Publisher)

Type: Meaning

Critical: A serious error. It indicates something is broken. An example of when this entry may appear is if the system is powered off without a clean shutdown.

Error: Indicates a significant problem that could include a loss of functionality or data. For example, if a service failed to start as instructed, this entry may be created.

Warning: Indicates a potential problem or possible future problem. For example, a warning can be logged if the system is low on disk space.

Information: Describes a successful operation of an application, driver, or service. For example, an event will be recorded for downloading and installing a Windows update.

Audit Success: An audited security access that was successful. A common example is a user's successful attempt at logging in.

Audit Failure: An audited security event that fails. For example, an unsuccessful logon attempt is recorded as a failure.
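The following PowerShell script is an added example, not part of the textbook, showing how the event types in Figure 3-4 map onto the fields that Get-WinEvent filters on, how the same filter can be pointed at a remote host, and how a log is backed up to an .evtx file. It assumes an elevated PowerShell session on a Windows host; the remote host name SERVER01 and the backup folder C:\Backups are placeholders.

```powershell
# Added example (not from the textbook): query Windows event logs by the
# types listed in Figure 3-4 using Get-WinEvent, then back up a log.
# Assumptions: elevated PowerShell on Windows; "SERVER01" and
# "C:\Backups" are placeholders to replace with your own values.

# Event Viewer's Critical/Error/Warning/Information types are the
# numeric "Level" field of each event record.
$Level = @{
    Critical    = 1
    Error       = 2
    Warning     = 3
    Information = 4
}

# Audit Success and Audit Failure are not levels; the Security log marks
# them with standard keywords instead.
$AuditSuccess = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditSuccess
$AuditFailure = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditFailure

# 1. The two most severe types (Critical and Error) from the local System
#    log, newest first, trimmed to the columns an analyst reads first.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'
    Level   = $Level.Critical, $Level.Error
} -MaxEvents 20 |
    Select-Object TimeCreated, LevelDisplayName, Id, ProviderName, Message

# 2. Audit Failure entries from the last 24 hours on a remote host
#    (the remote host must allow Remote Event Log Management traffic),
#    summarized by event ID so repeated failures stand out.
Get-WinEvent -ComputerName 'SERVER01' -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $AuditFailure
    StartTime = (Get-Date).AddHours(-24)
} -MaxEvents 500 |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 3. A quick severity dashboard: count each type seen in the System log
#    during the last day. -ErrorAction SilentlyContinue suppresses the
#    "No events were found" error when a type has zero entries.
$since = (Get-Date).AddDays(-1)
foreach ($name in 'Critical', 'Error', 'Warning', 'Information') {
    $filter = @{ LogName = 'System'; Level = $Level[$name]; StartTime = $since }
    $count  = (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
               Measure-Object).Count
    '{0,-12} {1}' -f $name, $count
}

# 4. Back up the local Security log to a dated .evtx file; the exported
#    file opens in Event Viewer on any Windows machine.
$backup = "C:\Backups\Security-$(Get-Date -Format yyyyMMdd).evtx"
wevtutil epl Security $backup
```

Step 2 is the same filter an event subscription would carry: the Level and Keywords values used here are what Event Viewer writes into a subscription's XPath query when you limit forwarding to errors, warnings, or audit failures rather than collecting every event.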