[BBLISA] Samba PDC, Win XP, and audit logging?
Scott Ehrlich
scott at MIT.EDU
Thu Nov 8 02:37:00 EST 2007
I have several Windows XP machines that are domain members of a Samba PDC
running under RedHat Enterprise 5 Server, installed with out-of-box RedHat
media.
Detailed audit logging is enabled on the Windows machines.
My question is this - if I find an entry in the Windows XP Event Viewer
Security log, does that reflect anywhere on the linux audit logs?
I found one entry in the XP logs I wanted to investigate further. I visited
the audit logs on the linux box and filtered with ausearch, but there was no
corresponding date/time stamp entry.
The Windows XP machines have been patched for the change in Daylight Savings
Time.
So do only the Windows machines make note of the login/logout security audits,
or do I need to look somewhere else on the linux audits for corresponding
login/logout entries from domain logins?
Thanks.
Scott
More information about the bblisa
mailing list