Logging all network events?

[lieb39]

Hello everyone,

Well my friend did posted a event on a calendar at school that he wasn't suppose to be able to, (Exchange server, web access) and he got caught. The IT administration found out by tracing his HTML requests to post it to the web server, now I have a question, how would they log this? Apparently they have a specialised server for just logging, but how do you think this would be done within a 2000/2003 Server environment with about 400 computers, 1000+ users plus.

Thanks,

lieb39

[ariel]

Don?t all web servers have logging capabilities:laugh:h::ninja:a:

[John Veteran]

Yeah, IIS/Apache both have built in logging. Log whatever you like and store the log file on another server if you need to.

[lieb39]

Hmm what do you guys think of logging, i mean within a school I can see it being needed - for obvious reasons. But just for at home? I also run a webserver from my house, that quite a few people access for various reasons - including email.

Thanks,

lieb39

[John Veteran]

Well it's always useful to figure out what you're doing wrong... Also, if you don't lock down your machine properly and end up getting hacked (unlikely for a home server) you could at least see what you did wrong.

[ariel]

It is also good to see who is accessing your server and how many. I myself am surprise at what accesses my server.

[Aaron P]

Here's what I don't get. If your friend wasn't supposed to access the calendar, why did he still have right to be able to do so? Why is this his fault if his account has access to the calendar?

[lieb39]

Here's what I don't get. If your friend wasn't supposed to access the calendar, why did he still have right to be able to do so? Why is this his fault if his account has access to the calendar?

585871349[/snapback]

Well the IT guys were quite relaxed about the entire security, and when this was done they got hell from the high administration. My friend's actions were classifield as hacking, really stupid.

Ah well,

lieb39

[Bushrat]

Well,

The school would most likely have a proxy connected to a router.

The router obviously gives the proxy interweb access and the proxy controls/manages/logs internet access.

There maybe multiple proxies on the network for different groups of computers etc.

The IT fellas can open up the logs, and use a prog to scan through the logs for words that are offensive etc.