Скачать в pdf «Network+»

As you can see, this log looks similar to the System Log in most respects. The main differences are the icons and the types of events recorded here. To view the detail for an event, double-click it.

The Security Log displays two types of events:

■    Success Audit (the event passed the security audit)

■    Failure Audit (the event failed the security audit)

Figure 10.7 shows the icons associated with each of these types of events. When an item fails a security audit, something security-related failed. For example, a common entry (assuming the Logon Failure check box is checked in the Audit Policy dialog box) is a Failure Audit with a value of Logon/ Logoff in the category. This means that the user failed to log on. If you look at the log shown previously in Figure 10.6, you can see that a user successfully logged on as administrator and that no failures have occurred.

FIGURE 10.7 The Security Log event types and their associated icons

Success Audit Failure Audit

This log is especially useful in troubleshooting when someone can’t access a resource. If your domain security policy has been set to log Failures of Use of User Rights, you can see every instance of a user not having enough rights to access a resource. The username appears in the User column of the Failure Audit event for the resource the user is trying to access.

The Application Log

This log is similar to the other two logs, except that it tracks events for network services and applications (for example, SQL Server and other BackOffice products). It uses the same event types (and their associated icons) as the System Log. Figure 10.8 shows an example of an Application Log.

Скачать в pdf «Network+»