Deep into Windows Server 2008 self-monitoring

In order to experience the unique trial feeling of Windows Server 2008 system, I believe that many users create conditions and strong behaviors to upgrade their own computers. Although the system's operational stability and security performance have been significantly improved, but today's Internet virus and Trojan crazy, Windows Server 2008 system will still be subject to a variety of security threats, such as core shared content Being remotely modified, the system being illegally invaded, etc. In fact, many security threats have some signs before they actually happen. If we can monitor these suspicious signs in time, we can eliminate the security risks, then what should we take? Measures to automatically monitor suspicious events on Windows Server 2008 systems? Such tasks can be easily done under Windows Server 2008, because the system adds a "task attach to event" function, we can dig deeper into this function. To achieve the purpose of self-monitoring of Windows Server 2008 system!

Self-monitoring ideas

Everyone knows that every Windows system comes with an event viewer program, but it is different from the traditional operating system. Yes, the Windows Server 2008 system will use the common task scheduling features. Into the event viewer program, with the support of this feature, we can attach a task plan to the special system events in the server system, so that the running task reminds us at the moment of the special system event; when Windows When a system event in the Server 2008 system that needs to be monitored actually occurs, the specific task plan attached to the system event can be automatically triggered, and then it can remind us to take countermeasures according to the preset method. In this way, the Windows Server 2008 system can complete the task of self-monitoring without the use of external tools.

According to the above ideas, we only need to enable auditing for system events that need to be monitored in Windows Server 2008 system to ensure that the system's event viewer program can automatically track and remember target system events, and then create a special one. System events, let the event viewer program automatically generate this event record, for example, we simply log off the system and log in again, then the Windows Server 2008 system event viewer program can automatically save the system login event memory, with specific After the event is recorded, we can use the “task attach to event” function to attach the automatic monitoring alarm information to the specific event record through the task plan. When the same system happens again in the future, the additional task plan will be Can be triggered automatically, we will receive the alarm information sent by the additional mission plan in time. After seeing the alarm information, the work we need to do is to take timely safety measures to prevent such system incidents with security threats. It happens again, that way Windows The security of the Server 2008 system has been further enhanced to some extent. For the convenience of description, this article takes the automatic monitoring system login event as an example to let the Windows Server 2008 system automatically monitor the illegal behavior of those who sneak into the system, and beware of malicious attackers secretly attacking the Windows Server 2008 system.

Previous 12 3 4 5 Next Read more