Windows NT Event Logging

Too few Windows NT system administrators, security administrators, and developers have the in-depth knowledge of the NT event logs they need to troubleshoot their systems and protect the security of those systems. This book fills the gap by explaining what's in the logs and how you can use them to best advantage. In the event logs you'll find:

Troubleshooting information: You can use the logs to determine whether a system or network is experiencing problems, and why. For example, the logs may show a disk drive or swap file filling to capacity, the failure of a power supply, or a device driver failing to load properly.

Resource tracking information: You can use the logs to track the capacity and usage of system resources (e.g., disk space crossing a threshold, print spooler activity, the duration of specific applications, etc.).

Security information: The logs are key to NT system security. You can select the security-relevant events you want audited (e.g., users logging on and off, changes to system security and user privileges, and attempts to access files, directories, and other objects). And you can track and analyze events stored in the logs as a way of determining if unauthorized users are trying to get into your system or if authorized users are exceeding their authority.

This book contains extensive examples of reading, writing to, and maintaining the event logs using C, C++, Microsoft Foundation Classes, Visual Basic 5, Microsoft J++, and Perl 5 for Win32. It comes with a CD-ROM containing a wealth of sample code and third-party software tools and demos.