Differences

This shows you the differences between two versions of the page.

--- slapdash:windows_logging [2017/04/26 13:08] – [Terminology] mgupton
+++ slapdash:windows_logging [2023/03/21 16:41] (current) – mgupton
@@ Line 1: / Line 1: @@
 ======Windows Logging (Slapdash)======
-======wevtutil======
+<WRAP round info>
-  * //wevtutil// is a bulit-in Windows command that can query the Windows event log.
+This is a slapdash, slipshod, scattershot, quick-n-dirty, ephemeral article.
-  * [[http://technet.microsoft.com/en-us/library/cc732848(v=ws.10).aspx|wevtutil]]
+</WRAP>
-  * [[http://ss64.com/nt/wevtutil.html]]
-====Terminology====
+======Terminology======
   * Windows Event Log
   * channels
@@ Line 11: / Line 10: @@
   * providers
   * streams
+======wevtutil======
+  * //wevtutil// is a bulit-in Windows command that can query the Windows Event Log.
+  * [[http://technet.microsoft.com/en-us/library/cc732848(v=ws.10).aspx|wevtutil]]
+  * [[http://ss64.com/nt/wevtutil.html]]
+======Specific Events of Note======
+  * [[Windows Administrator Activity Events]]
 ======Listing Log Channels and Publishers======
 ====Enumerate a list of all log channels====
 <code>
@@ Line 403: / Line 411: @@
 reg query hklm\system\currentcontrolset\services\eventlog
 </code>
-======Resources======
-  * [[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx]]
 ======To Explore======
@@ Line 573: / Line 580: @@
 logman query providers
 </code>
+======Resources======
+  * [[https://www.ultimatewindowssecurity.com/|Ultimate Windows Security]]. Randy Franklin Smith's site. Good info for security related logging.
+      * webinars
+      * forum
+  * [[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx]]
+====== Windows Object Auditing ======
+  * #FIM
+  * [[https://github.com/OTRF/Set-AuditRule/blob/master/Set-AuditRule.ps1]]