Log
Good afternoon, there was a problem at the company yesterday. The AD gateway was changed and some logs were deleted. I use a piece of software (Snare) for a log server, and this is what it recorded in the last two logs:

Feb 22 14:01:01 servidorad.servidor.local MSWinEventLog#0113#011Security#01116902892#011Tue Feb 22 14:00:58 2011#0115156#011Microsoft-Windows-Security-Auditing#011Unknown User#011N/A#011Success Audit#011servidorad.servidor.local#01112810#011#011The Windows Filtering Platform has allowed a connection. Application Information: Process ID: 572 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: %%14592 Source Address: 172.16.1.7 Source Port: 88 Destination Address: 172.16.1.30 Destination Port: 3002 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: %%14610 Layer Run-Time ID: 44 #01116879807

Feb 22 14:01:54 servidorad.servidor.local MSWinEventLog#0113#011Security#01116905016#011Tue Feb 22 14:01:52 2011#0115156#011Microsoft-Windows-Security-Auditing#011Unknown User#011N/A#011Success Audit#011servidorad.servidor.local#01112810#011#011The Windows Filtering Platform has allowed a connection. Application Information: Process ID: 572 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: %%14592 Source Address: 172.16.1.7 Source Port: 88 Destination Address: 172.16.1.30 Destination Port: 4557 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: %%14610 Layer Run-Time ID: 44 #01116881931

Could someone help me understand the meaning of this log? Or does anyone have an idea of how to find out how the change happened, whether it was made by a user or by hardware? Everything indicates it was a user, since some logs were deleted. Thank you
February 23rd, 2011 1:36pm

Hello, this forum is for the English language. Please ask your questions in English. Thanks
February 23rd, 2011 4:36pm

Hi, Please understand this TechNet forum is for English support only. Thus, we are not the best resource to troubleshoot the issue. I suggest having the discussion in the forum for your language. Thank you for your understanding. Tim Quan
February 23rd, 2011 8:52pm
