Task 9.2: Reviewing the Audit Logs

Once you have completed the implementation of an audit policy, you must implement a standard monitoring routine. This is often a huge challenge. Audit logs are recorded in the Security log in Event Viewer and can record thousands of events each day, or even each hour. You may have many systems to monitor, and this easily becomes an overwhelming task. Many organizations acquire third-party software to retrieve, analyze, and report on audited events for a network environment. These software tools are essential in many cases, and can cost just a little—or a lot.

Securing your audit logs is a major concern as well. The employee agreement for all network administrators should include a requirement that every log ...

Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.