| Home |
| Solutions |
| ESBus Framework |
| Framework Diagram |
| ESBus Integrator |
| ESBus History |
| ESBus Auditor |
| ESBus LAUA Auditor |
| ESBus Windows Auditor |
| ESBus Scheduler |
| ESBus Session Manager |
| ESBus Extensibility |
| Services |
| Clients |
| Collateral & Demos |
| Contact Us |
|
|
HOME … SOLUTIONS … WINDOWS AUDITOR |
With the ESBus Windows Auditor, you have the ability to audit any and
all of your Windows 2000 and Windows 2003 servers for Security Events
anywhere within your enterprise.
These events are passed into the ESBus Framework
just like any other event or transaction, opening up these events to any
auditing, integration,
or any of the other other functionalities that
ESBus provides.
A raw ESBus Audit log for a failed Windows Logon event can be seen below.
Of course, style, formatting and protocol (i.e. file system, database, email) can be
easily modified within the ESBus Environment Setup to meet your needs.
_________________________BEGIN TRANSACTION_____________________________
ESBUS TRANSACTION AUDIT [USER AUDIT FOR paul]
DATE: Mon Jan 17 10:57:28 CST 2005
USER: paul
ADDRESS: 127.0.0.1
MSG: ESBUS ENTERPRISE AUDIT [WindowsSecurityChange]
PARAMETERS:
CATEGORY_DESC :[Account Logon]
TIME :[20050117105719.000000-360]
CATEGORY :[9]
USER :[NT AUTHORITY\SYSTEM]
MESSAGE :[The logon to account: administrator
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: WALLEYE
failed. The error code was: 3221225578]
COMPUTER_NAME :[WALLEYE]
ESBUS_MAP :[WindowsSecurityChange]
LOGFILE :[Security]
TYPE :[audit failure]
RECORDNUMBER :[175]
EVENT_CODE :[681]
ORIGINATING_RESOURCE :[PASSBACK]
SOURCE :[Security]
ATTRIBUTES:
|
|
