Posts

Creating a hardened log host

Article created by Rainer Gerhards. A hardened log host is a system that is especially configured to prevent malicious users from modifying any log data stored inside it. A hardened log host is especially useful if tampering with log data is to be avoided. Setting up a proper hardened host can definitely help if evidence […]

Firewall setup for MonitorWare Agent

Article created by Rainer Gerhards. MonitorWare Agent can be used with standard firewalling. The product itself does not require any specific access privileges to network services like RPC or the like. The Windows networking support required is fully dependent on the needs of the network or security administrator. If a fully locked-down system is desired, […]

Sample Syslog Device Configurations

MonitorWare Agent can receive vital network status information from a variety of devices. As these devices are from many different vendors and have many different applications, it is impossible to provide detailed configuration information for all of them. We provide configuration information for some well-known devices. Hopefully, the samples will provide some idea of how […]

Creating a simple Syslog Server

Article created by Rainer Gerhards. In this scenario, a simple syslog server will be created. No other services are configured. The syslog server will operate as a standard syslog server on the default port of 514/UDP. All incoming data will be written to a single text file. Step 1 – Defining a Rule Set for […]

Rule Engine

Created by Wajih-ur-Rehman. Overview: This paper explains the Rule Engine that is employed in some of the MonitorWare line of products, namely MonitorWare Agent, WinSyslog and Event Reporter 6.0 (and higher). What is the Rule Engine? The Rule Engine is an engine present in the above-mentioned MonitorWare line of products with which you can […]

Introduction to Syslog Protocol

Created by Wajih-ur-Rehman. Overview: This paper is not an in-depth paper about syslog. It simply gives you an overview and a broader picture of the Syslog Protocol and its architecture. If you are interested in in-depth details about Syslog, I would strongly suggest you go through RFC 3164.

IIS Workflow Described

By Rainer Gerhards. Abstract: This paper describes the IIS workflow (aka “order of operations”) as far as the author thinks it is. I have tried hard to make the information as complete and accurate as possible, but obviously it might be wrong as I haven’t coded IIS. All information in this paper is taken from […]
