[logs] Syslog and Windows
Vincent Bernat
bernat at luffy.cx
Mon Jun 25 12:59:17 PDT 2007
OoO Pendant le journal télévisé du lundi 25 juin 2007, vers 20:54, Eric
Fitzgerald <Eric.Fitzgerald at microsoft.com> disait:
> In Windows events, it's common to embed invariants rather than strings-
> for instance instead of storing "Account Enabled" we store "%%2048";
> which Event Viewer looks up as "Account Enabled" in the locale of the
> viewer. Likewise we store security IDs and AD object GUIDs rather than
> the actual names of the objects; the names have to be looked up before
> presenting to the user; in SEM this is typically done at the agent prior
> to transmission to the SEM server.
What happens if a user get deleted from AD ?
--
BEWITCHED, DOES NOT PROMOTE SATANISM
BEWITCHED, DOES NOT PROMOTE SATANISM
BEWITCHED, DOES NOT PROMOTE SATANISM
-+- Bart Simpson on chalkboard in episode 2F17
More information about the LogAnalysis
mailing list