[logs] Remote log access
Vincent Bernat
bernat at luffy.cx
Thu Jun 28 15:31:57 PDT 2007
OoO En cette aube naissante du jeudi 28 juin 2007, vers 07:30, "saudi
sans" <saudisans at gmail.com> disait:
> We are using a SIM solution which has an agent which picks up windows
> logs remotely.
> On this agent we have to give a user-id/password of the target server
> from where windows event logs have to be picked up. This
> user-id/password needs admin rights on target server. The agent also
> needs remote registry access on target server. It works well.
> But I am not comfortable giving admin rights and remote registry
> access just for pulling event logs.
> From microsoft experts on this list - what minimum permissions are to
> be provided on a target windows machine for a remote software to
> access its event logs?
Look at documentation from DAD :
http://www.cyber-defense.org/DAD.html
http://sourceforge.net/project/showfiles.php?group_id=173936
They cite some Microsoft resources to fine tune log access.
--
printk("What? oldfid != cii->c_fid. Call 911.\n");
2.4.3 linux/fs/coda/cnode.c
More information about the LogAnalysis
mailing list