other than our S and M P. We also have a couple of tools that we can use in order to view events that are going on on our network. One of them is going to be our CIS log. Now assist log. We can set up a server which receives sis log sis long errors, and we have our devices configured to send alerts and errors to our CIS log server.
And those alerts and errors air put in our system log file stands for system log files.
the message that the messages that we receive are goingto specify which program logged the air, the severity of the air, and we'll also include the error itself, because that's very helpful. Now. These one thing about CeCe log that we do need to be aware of is that CeCe Log does not have
encryption or doesn't have MD five or show hash is like our
S and M P Version three can have. So these messages might be spoofed, which means that someone who isn't
who they say they are could be sending us those messages pretending that there's someone else. Now it's if they were sending us air messages that were spoofed air messages that weren't actually really well, that's just more annoying. But if it's someone who's actually being malicious and they are going in
and spoofing messages that everything is a okay,
then that's not quite. It's fine. That's not just it's not just annoying anymore. That's actually an intrusion into our network. That's well, the other is an intrusion into our network to, but this one is actually much more serious. They're not just spoofing air messages to be a nuisance. They're actually spoofing a okay messages
while they're actually going into that device, and they're actually
waking havoc. So we need to be aware that those messages might be spooked, that those messages can be spoofed on. And that we that unless we have some form of verification that those messages might not be from who they who we think that they are. Now this sis log file. We can use additional software
to parse through and analyze this file.
We just have one giant file filled with air messages and alert and warning messages from AH 100 devices. Then it's not gonna be a fun day when we have to sit down and parse through all of that manually. Chances are if we're looking through that much data at one time anyway,
that much useless data is going to flood out anything that might actually be
any importance to us. So it may be a good investment, especially in a large enterprise environment. If we're using sis log in order to get certain soft, specialized software that can automatically parse through and analyze that for us, remove the junk and then let us whittle down to
what actually is important so we can view that and manually have someone take care of that information
on our windows side of the house. We have our event viewer. Now then viewer is going to give us let us access logs and event and see events that occur and that our log to our Microsoft Event viewer now our event viewer, we can view the events that occurred on our local machine.
Well, we can use event viewer to view the events that occurred on remote machines,
so we're not just limited much like cece log. We're not just limited to the events that happened on our on our local machines. We can also have remote machines configured so that weaken view their events
Now. Event log. We can sort through the different events based on the log type or the different severity ease of the events we can view. The different severity is which come in information, warning and errors. Information is just informational about what's been going on. What's happened.
Warnings are okay, so the little bit of an area of concern nothing
immediately. Bad. But it's something you need to be aware of. And then errors are something's gone wrong. And then we also have something called security events where may not They may not necessarily be good or bad, but there's something that we chose to audit such a successful user log ins.
And we chose that. We want those to be audited because we want to receive that security notification that someone logged in
or someone tried to tried to log in and gave the wrong password.
we can also set up custom event viewer logs, or we can set up specific tasks or specific computers to audit so we can create custom logs that are beyond just thes standard default logs, and we can use these custom logs just to see the events that we want to audit.
We'll talk a little bit more about the the default of it, your logs in just a bit.
But just now, as an overview, we just need to know that if the event viewer allows us to see events, warning errors, information that occurred on our local or remote computers, and we can also see security events, we can set up custom logs
and we can see certain events that we want to audit. Make sure that we check out when those happen.