Explanation of Security Logs

itsmevic asked
Last Modified: 2013-12-04
Hello,

I'm curious: to truly log a person's logons and logoffs, what event ID codes would one need to monitor? Throughout the day, I know it is not abnormal to have 50, 60, 70 logons and logoffs in a day's time, i.e. Event ID: 528, 540 and 538, but not all of these are from the user alone; some of these entries are caused by the network, system, etc.

How can you truly tell, though, if through user logon/logoff intervention that person is logging in or logging off of their system, something that would prove without a shadow of a doubt electronically that they are in the building physically logging in and logging off their system? What event ID codes would signify this?

Also, would doing a Control + Alt + Delete and locking the system generate a logout event ID, i.e. 538? I'm assuming if it did log it as a 538 that logging back into that machine from a lock would generate an event ID of 528 or 540.

Security Samurai
CERTIFIED EXPERT
Top Expert 2006
Commented:
jakosysadmin
Commented:

Author

Commented:
Thank you