
Network Management should be a key part of any technology or IT department

It is true that the best network management tools add automation, performance trending, notification, remote access or other features AND usually cost money. 

However, most host operating systems (like Windows Server and desktop OS) and devices (like Cisco, Sonicwall, Fortinet and others) include a logging facility that can be configured as a “free” starting point for your technology.  I plan to post several articles on Network Management to help you get started.

ACTION ITEM:  If you are the business owner, ask your technologist to show you your server logs and discuss events.  If you are an engineer, do some research and make sure you are getting the most out of your logs.

Configuring System Logging in Windows environment:

The first thing you want to do to take advantage of Event Logging is to configure your Audit Policy.  This determines which events Windows records and which it ignores.  You can use Group Policy to record when certain categories of events occur.  For each category you can choose to record the SUCCESS of an event, a FAILURE, or to do NO AUDITING.

EXAMPLE:  You might want to record when someone successfully changes a password by enabling SUCCESS in the ACCOUNT MANAGEMENT category.  Or you might choose to record FAILURE on POLICY CHANGE to catch someone attempting to escalate access. 

Once you have applied your policy, your logs will start gathering information over time. I usually recommend also increasing your default APPLICATION log size to something like 64MB on Exchange Servers, SQL Servers, Backup servers and other systems where you might generate more events or want to look back further at a history.  I list the categories below, but there are more details on each category in the links below.

CATEGORIES OF EVENTS:

  • Account logon events.
  • Account management.
  • Directory service access.
  • Logon events.
  • Object access.
  • Policy change.
  • Privilege use.
  • Process tracking.
  • System events.
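Putting the steps above into practice on a single server, as an added PowerShell example (this is not from the original post). It assumes an elevated Windows PowerShell session and uses only the built-in auditpol.exe and wevtutil.exe tools:

```powershell
# Added example: apply the audit settings described above, enlarge the
# Application log to 64 MB, and verify both. Run as Administrator.
# Caveat: on a domain-joined machine, Group Policy overwrites local
# auditpol changes at the next refresh, so move tested settings into the GPO.

# 1. Audit Policy: SUCCESS on Account Management, FAILURE on Policy Change.
auditpol.exe /set /category:"Account Management" /success:enable
auditpol.exe /set /category:"Policy Change"      /failure:enable

# Show the effective policy for every category so the change is visible.
auditpol.exe /get /category:*

# 2. Raise the Application log ceiling to 64 MB (value is in bytes).
wevtutil.exe sl Application /ms:67108864

# Confirm the new limit and the retention behaviour.
Get-WinEvent -ListLog Application |
    Select-Object LogName, MaximumSizeInBytes, LogMode

# 3. Check that password-change events are now being recorded.
#    4723 = a user changed their own password
#    4724 = an administrator reset another account's password
#    Both fall under Account Management; the first event property is
#    the target account name. Returns nothing if no such events exist yet.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4723, 4724 } `
             -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ Name = 'TargetAccount'; Expression = { $_.Properties[0].Value } }
```

Change a test account's password after running this and rerun step 3 to see the event appear before you roll the same settings out through Group Policy.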

STEVE'S REFERENCE LINKS

Audit Policy

https://technet.microsoft.com/en-us/library/cc766468(WS.10).aspx

Event Log Settings

https://support.microsoft.com/kb/957662
