
[techbooks] REVIEW: "Windows NT Event Logging", James D. Murray

  • Rob Slade, doting grandpa of Ryan and Tr
    Message 1 of 1 , Jan 13, 1999
      BKWNTEVT.RVW 981101

      "Windows NT Event Logging", James D. Murray, 1998, 1-56592-514-9,
      U$32.95/C$48.95
      %A James D. Murray
      %C 103 Morris Street, Suite A, Sebastopol, CA 95472
      %D 1998
      %G 1-56592-514-9
      %I O'Reilly & Associates, Inc.
      %O U$32.95/C$48.95 707-829-0515 fax: 707-829-0104 nuts@...
      %P 316 p. + CD-ROM
      %T "Windows NT Event Logging"

      I have a SCSI drive. For some reason this fact generates an event
      every time I start my NT machine. Event logging and auditing play a
      role at least as central to data security as does encryption. At one
      time I worked for an outfit whose product was the basis of a theft
      retrieval system. Obviously our data did not age well, so event traps
      were written to alert the system administrator as soon, and in as many
      different ways, as possible. At the moment I am reviewing a product
      that is failing in a very consistent manner. Unfortunately, I can't
      get enough information about the manner, because I haven't yet found
      an event log that gets written in regard to this problem.

      Administrators of mini and larger machines, and of course all security
      mavens, will be well familiar with the concept of event logging,
      although many desktop users and support people will be new to the
      idea. Murray has written a valuable, though not easy, book to cover
      the issue.

      Chapter one explains what event logging is, and how it is used in
      troubleshooting, resource tracking, and security. It also provides
      details of the WinNT event logs, and their use. The event logging
      service and its functions are treated in chapter two. Event Viewer
      operation is detailed in chapter three, complete with a list of
      annoyances and limitations. Chapter four goes into considerable
      detail regarding security auditing, and discusses the famous (or
      infamous) C-2 security standards.

      Chapter five provides programmers with details of the Event Logging
      API (Application Programming Interface). Event logs themselves do not
      hold messages as such, and so message files must be created, as is
      outlined in chapter six. You may wish to access the event logs
      outside of the standard Event Viewer application, so chapter seven
      provides sample code to indicate how this is done. Reporting events
      is covered for a variety of languages in chapter eight.

      The appendices contain much useful information. A has a list of
      resources for further information. A number of them are quite
      generic, but there is a compendium of useful titles of interest in the
      Microsoft Knowledge Base. Event logging under Windows for Workgroups
      is covered in B. WinNT security events are detailed in C. D provides
      a description of the DumpEl utility. Kernel mode logging is described
      in E.

      Although I had many reasons to be personally interested in the topic,
      I must say that I found the book very heavy going. In addition the
      structure, while not disorganized, sometimes seems to lack focus, and
      the reader needs to go to a number of chapters to find information on
      a single topic. Whatever its minor faults, however, this work
      contains significant data and advice on a very important topic for
      programmers, support people, administrators, and, yes, even users.

      (Besides, how can I resist a book illustrated with a Castor canadensis
      on the cover?)

      copyright Robert M. Slade, 1998 BKWNTEVT.RVW 981101

      rslade@... rslade@... robertslade@... p1@...
      Find virus, book info http://victoria.tc.ca/int-grps/techrev/rms.html
      Robert Slade's Guide to Computer Viruses, 0-387-94663-2 (800-SPRINGER)
