Monitoring Audited Events
A number of methods exist for monitoring events written to the security Event log. These methods range from reading the events manually by using the Event Viewer to using powerful automated event-consolidating and event-monitoring software such as Microsoft Operations Manager. Each method serves a specific purpose; you need to select a method that is most appropriate for your environment and particular situation. These are the four primary methods for monitoring events:
Event Viewer
Custom scripts
Event Comb
Fully automated tools, such as Microsoft Operations Manager
The discussion of fully automated event-monitoring tools is outside the scope of this book. This section covers the other three methods.
Using the Event ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.