Vanstechelman.eu
   

Group Policy Settings - Security Settings - Event Log

  • Maximum application log size

    This security setting specifies the maximum size of the application event log, which has a maximum size of 4 GB.

    Notes

    Log file sizes must be a multiple of 64 KB. If you enter a value that is not a multiple of 64 KB, Event Viewer will set the log file size to a multiple of 64 KB.
    This setting does not appear in the Local Computer Policy object.
    Event Log size and log wrapping should be defined to match the business and security requirements you determined when designing your enterprise security plan. Consider implementing these Event Log settings at the site, domain, or organizational unit level, to take advantage of Group Policy settings.
    Default: For the Windows Server 2003 family, 16 MB; for Windows XP Professional Service Pack 1, 8 MB; for Windows XP Professional, 512 KB.

  • Maximum security log size

    This security setting specifies the maximum size of the security event log, which has a maximum size of 4 GB.

    Notes

    Log file sizes must be a multiple of 64 KB. If you enter a value that is not a multiple of 64 KB, Event Viewer will set the log file size to a multiple of 64 KB.
    This setting does not appear in the Local Computer Policy object.
    Event Log size and log wrapping should be defined to match the business and security requirements you determined when designing your enterprise security plan. Consider implementing these Event Log settings at the site, domain, or organizational unit level, to take advantage of Group Policy settings.
    Default: For the Windows Server 2003 family, 16 MB; for Windows XP Professional Service Pack 1, 8 MB; for Windows XP Professional, 512 KB.

  • Maximum system log size

    This security setting specifies the maximum size of the system event log, which has a maximum size of 4 GB.

    Notes

    Log file sizes must be a multiple of 64 KB. If you enter a value that is not a multiple of 64 KB, Event Viewer will set the log file size to a multiple of 64 KB.
    This setting does not appear in the Local Computer Policy object.
    Event Log size and log wrapping should be defined to match the business and security requirements you determined when designing your enterprise security plan. Consider implementing these Event Log settings at the site, domain, or organizational unit level, to take advantage of Group Policy settings.
    Default: For the Windows Server 2003 family, 16 MB; for Windows XP Professional Service Pack 1, 8 MB; for Windows XP Professional, 512 KB.

  • Prevent local guests group from accessing application log

    This security setting determines if guests are prevented from accessing the application event log.

    Notes

    This setting does not appear in the Local Computer Policy object.
    This security setting affects only computers running Windows 2000 and Windows XP.
    Default: Enabled.

  • Prevent local guests group from accessing security log

    This security setting determines if guests are prevented from accessing the security event log.

    Notes

    This setting does not appear in the Local Computer Policy object.
    This security setting affects only computers running Windows 2000 and Windows XP.
    A user must possess the Manage auditing and security log user right to access the security log.
    Default: Enabled.

  • Prevent local guests group from accessing system log

    This security setting determines if guests are prevented from accessing the system event log.

    Notes

    This setting does not appear in the Local Computer Policy object.
    This security setting affects only computers running Windows 2000 and Windows XP.
    Default: Enabled.

  • Retain application log

    This security setting determines the number of days' worth of events to be retained for the application log if the retention method for the application log is By Days.

    Set this value only if you archive the log at scheduled intervals and you make sure that the Maximum application log size is large enough to accommodate the interval.

    Notes

    This setting does not appear in the Local Computer Policy object.
    A user must possess the Manage auditing and security log user right to access the security log.
    Default: None.

  • Retain security log

    This security setting determines the number of days' worth of events to be retained for the security log if the retention method for the security log is By Days.

    Set this value only if you archive the log at scheduled intervals and you make sure that the Maximum security log size is large enough to accommodate the interval.

    Note: This setting does not appear in the Local Computer Policy object.
    Default: None.

  • Retain system log

    This security setting determines the number of days' worth of events to be retained for the system log if the retention method for the system log is By Days.

    Set this value only if you archive the log at scheduled intervals and you make sure that the Maximum system log size is large enough to accommodate the interval.

    Note: This setting does not appear in the Local Computer Policy object.
    Default: None.

  • Retention method for application log

    This security setting determines the "wrapping" method for the application log.

    If you do not archive the application log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events as needed.

    If you archive the log at scheduled intervals, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events by days and specify the appropriate number of days in the Retain application log setting. Make sure that the Maximum application log size is large enough to accommodate the interval.

    If you must retain all the events in the log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Do not overwrite events (clear log manually). This option requires that the log be cleared manually. In this case, when the maximum log size is reached, new events are discarded.

    Note: This setting does not appear in the Local Computer Policy object.

    Default: None.

  • Retention method for security log

    This security setting determines the "wrapping" method for the security log.

    If you do not archive the security log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events as needed.

    If you archive the log at scheduled intervals, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events by days and specify the appropriate number of days in the Retain security log setting. Make sure that the Maximum security log size is large enough to accommodate the interval.

    If you must retain all the events in the log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Do not overwrite events (clear log manually). This option requires that the log be cleared manually. In this case, when the maximum log size is reached, new events are discarded.

    Note: This setting does not appear in the Local Computer Policy object.

    Default: None.

  • Retention method for system log

    This security setting determines the "wrapping" method for the system log.

    If you do not archive the system log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events as needed.

    If you archive the log at scheduled intervals, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Overwrite events by days and specify the appropriate number of days in the Retain system log setting. Make sure that the Maximum system log size is large enough to accommodate the interval.

    If you must retain all the events in the log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Do not overwrite events (clear log manually). This option requires that the log be cleared manually. In this case, when the maximum log size is reached, new events are discarded.

    Note: This setting does not appear in the Local Computer Policy object.

    Default: None.
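
The size and retention rules above can be checked together before a policy is deployed. The following Python sketch is an added example, not part of the original page: it applies the 64 KB multiple, the 4 GB maximum and the three retention methods to a planned setting. The event volume figures, the function names and the choice to round sizes up are assumptions made for illustration.

```python
import math

STEP_KB = 64                    # log sizes must be a multiple of 64 KB
CAP_KB = 4 * 1024 * 1024        # 4 GB maximum, expressed in KB

AS_NEEDED = "Overwrite events as needed"
BY_DAYS = "Overwrite events by days"
MANUAL = "Do not overwrite events (clear log manually)"


def round_up_64kb(size_kb):
    """Smallest multiple of 64 KB >= size_kb (rounding up is this example's choice)."""
    return math.ceil(size_kb / STEP_KB) * STEP_KB


def days_of_capacity(size_kb, events_per_day, avg_event_bytes):
    """Estimated days of events that fit, given an assumed event volume."""
    return size_kb * 1024 / (events_per_day * avg_event_bytes)


def review(log, size_kb, method, retain_days, events_per_day, avg_event_bytes):
    """Return findings for one log ('application', 'security' or 'system')."""
    findings = []
    if size_kb % STEP_KB:
        findings.append(f"{log}: {size_kb} KB is not a multiple of 64 KB "
                        f"(next multiple up: {round_up_64kb(size_kb)} KB)")
    if size_kb > CAP_KB:
        findings.append(f"{log}: {size_kb} KB exceeds the 4 GB maximum")
    days = days_of_capacity(size_kb, events_per_day, avg_event_bytes)
    if method == BY_DAYS and not retain_days:
        findings.append(f"{log}: By Days selected but Retain {log} log is unset")
    elif method == BY_DAYS and days < retain_days:
        need_kb = retain_days * events_per_day * avg_event_bytes / 1024
        findings.append(f"{log}: holds ~{days:.1f} days, interval is {retain_days}; "
                        f"size it to at least {round_up_64kb(need_kb)} KB")
    elif method == MANUAL:
        findings.append(f"{log}: full after ~{days:.1f} days; new events are "
                        f"then discarded until the log is cleared manually")
    return findings


if __name__ == "__main__":
    # Constructed volumes (events/day, bytes/event); measure your own hosts.
    plan = [("security", 16384, BY_DAYS, 7, 50000, 500),
            ("application", 1000, AS_NEEDED, None, 2000, 500),
            ("system", 16384, MANUAL, None, 2000, 500)]
    for row in plan:
        for finding in review(*row):
            print(finding)
```

An empty result from `review` means the planned size holds the archive interval at the assumed volume; the estimate is only as good as the measured event rate fed into it.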