Secure Your Event Logs

Secure Your Event Logs

Keep your system's logs from being tampered with.

Windows has some powerful logging features. Unfortunately, if you're still running an older Windows system, such as a variety of Windows 2000, by default the event logs are not protected against unauthorized access or modification. You might not realize that even though you have to view the logs through the Event Viewer, they're simply regular files just like any others. To secure them, all you need to do is locate them and apply the proper ACLs.

Unless their locations have been changed through the Registry, you should be able to find the logs in the %SystemRoot%\system32\config directory. The three files that correspond to the Application Log, Security Log, and System Log are AppEvent.Evt, SecEvent.Evt, and SysEvent.Evt, respectively.

Now, apply ACLs to limit access to only Administrator accounts. You can do this by bringing up the Properties dialog for the files and clicking the Security tab. After you've done this, remove any users or groups other than Administrators and SYSTEM from the top pane.

 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows