Windows NT has 3 types of logs:
Application Log - Contains events reported by various applications installed on the Windows NT server. These can be Microsoft or third-party applications.
Security Log - Contains all the auditing and security events.
System Log - Contains events reported by Windows NT system components (processes, kernel, drivers).
Windows 2000 Servers configured with Active Directory or just DNS have 3 additional logs:
Directory Service - Contains events reported by Active Directory.
DNS Server - Contains events reported by Microsoft Windows 2000 DNS Server.
File Replication Service - Contains events reported by Microsoft FRS Service.
Note: Win2K Professional cannot read any of the DNS/FRS/DS logs, unless the Admin pack is installed.
NT/2000 Event logs contain 5 types of events:
Information - An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, an Information event will be logged.
Error - A significant problem, such as loss of data or loss of functionality. For example, if a service fails to load during startup, an error will be logged.
Warning - An event that is not necessarily significant, but may indicate a possible future problem. For example, when disk space is low, a warning will be logged.
Success Audit - An audited security access attempt that succeeds. For example, a user's successful attempt to log on to the system will be logged as a Success Audit event.
Failure Audit - An audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt will be logged as a Failure Audit event.
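The five event types above are stored in each log record as a numeric EventType field. The following added example (not part of the original page) goes one step beyond the text and decodes the fixed header of the Win32 EVENTLOGRECORD structure used by NT/2000 event logs, then counts records per event type. The function names, the host name SRV01 and the sample records are constructed for illustration, and the input is assumed to be records laid back to back with no log file header.

```python
import struct
from collections import Counter

# EventType values of the Win32 EVENTLOGRECORD structure, one per type above.
EVENT_TYPES = {0x0001: "Error", 0x0002: "Warning", 0x0004: "Information",
               0x0008: "Success Audit", 0x0010: "Failure Audit"}
HEADER = struct.Struct("<6I4H6I")  # fixed 56-byte part of EVENTLOGRECORD
SIGNATURE = 0x654C664C             # the bytes "LfLe"

def _wstr(buf, pos, limit):  # NUL-terminated UTF-16LE string, bounded by limit
    end = pos
    while end + 2 <= limit and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_record(buf, offset=0):
    """Decode one record; raise ValueError on truncated or corrupt input."""
    if len(buf) - offset < HEADER.size:
        raise ValueError("truncated record header")
    length, sig, recno, generated, _, event_id, etype = HEADER.unpack_from(buf, offset)[:7]
    if sig != SIGNATURE:
        raise ValueError("bad signature")
    if length < HEADER.size + 4 or offset + length > len(buf):
        raise ValueError("bad record length")
    source, pos = _wstr(buf, offset + HEADER.size, offset + length - 4)
    computer, _ = _wstr(buf, pos, offset + length - 4)
    # The low 16 bits of EventID are the code shown in Event Viewer.
    return {"record": recno, "time": generated, "event_id": event_id & 0xFFFF,
            "type": EVENT_TYPES.get(etype, "Unknown (0x%04x)" % etype),
            "source": source, "computer": computer, "length": length}

def tally(buf):
    """Count records per event type in a run of back-to-back records."""
    counts, offset = Counter(), 0
    while offset < len(buf):
        rec = parse_record(buf, offset)
        counts[rec["type"]] += 1
        offset += rec["length"]
    return counts

def build_record(recno, event_id, etype, source, computer):
    """Build a constructed sample record (no SID, strings or data)."""
    body = (source + "\0" + computer + "\0").encode("utf-16-le")
    body += b"\0" * (-(HEADER.size + len(body)) % 4)  # pad to DWORD boundary
    end = HEADER.size + len(body)                      # offset of trailing length
    head = HEADER.pack(end + 4, SIGNATURE, recno, 946684800, 946684800, event_id,
                       etype, 0, 0, 0, 0, end, 0, end, 0, end)
    return head + body + struct.pack("<I", end + 4)

SAMPLE = b"".join(build_record(n, i, t, "Security", "SRV01")  # constructed data
                  for n, i, t in [(1, 529, 0x10), (2, 528, 0x08), (3, 529, 0x10)])
```

Calling tally(SAMPLE) returns the per-type counts, which makes a spike in Failure Audit records in the Security log easy to spot.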