On today's networks, the first concern for anyone going online is keeping intruders out. There are two possible outcomes: either the attacker is stopped by our tightly layered defenses, or the attacker gets into the system. In the second case, what did they modify, and what did they damage? An experienced network administrator can find the clues in the log files and collect security-relevant evidence of the intrusion, such as the IP addresses and logon accounts involved.
By the same token, many attackers will use tools or manual edits to wipe the log contents before leaving (colloquially, wiping their footprints), or simply plant forged logs. The protection of log files therefore deserves care. A simple and practical measure is to relocate the log files, changing their default paths to a place nobody would expect.
I. View the default log path
Open Control Panel, Administrative Tools, Computer Management, and select "Event Viewer" in the left-hand pane. Three logs are listed: "Application", "Security" and "System". Take the first, "Application", as the example: right-click it and choose "Properties". The "Log name" field shows the default storage path on Windows 2000, C:\WINNT\system32\config\AppEvent.Evt. The same applies to the other two logs (see Figure 1).
Figure 1: Log properties in Computer Management
Next, create a series of nested directories on the D: drive to hold the new log files, for example D:\1\2\3\4\5\6\7. The naming principle is: the more inconspicuous, the better.
II. Change the system registry
Click Start | Run, type regedit and press Enter to open the Registry Editor. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog, where all three logs are configured. Again take Application as the example: with "Application" selected, the right-hand pane shows a value named "File" whose data is "%SystemRoot%\system32\config\AppEvent.Evt", that is, the system's default path and file name. Double-click it and change it to "D:\1\2\3\4\5\6\7\AppEvent.Evt" in the dialog that appears. In the same way, change the "File" value under Security and System to "D:\1\2\3\4\5\6\7\SecEvent.Evt" and "D:\1\2\3\4\5\6\7\SysEvent.Evt" respectively, then press F5 to refresh and close the Registry Editor (see Figure 2).
Figure 2: Editing the "File" value in the Registry Editor
Now copy AppEvent.Evt, SecEvent.Evt and SysEvent.Evt from the C:\WINNT\system32\config folder to the new path D:\1\2\3\4\5\6\7. Restart the machine and open the log properties in the Event Viewer window again: the path name has changed.
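The same relocation, scripted as an added example that is not part of the original article: it is written for PowerShell on a current Windows version, where the registry layout is the one walked through above but the files are .evtx under %SystemRoot%\System32\Winevt\Logs, and the target directory D:\1\2\3\4\5\6\7 is assumed to exist already. It audits the three "File" values first and refuses to redirect a log to a directory that is missing.

```powershell
# Added example, not from the original article. Assumes PowerShell on a
# current Windows host with administrative rights; the registry layout is the
# one described above, but on Vista and later the log files are .evtx.
$EventlogKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'
$ClassicLogs = 'Application', 'Security', 'System'

function Get-EventLogFilePath {
    # Audit step: report the configured file for each classic log, expanding
    # %SystemRoot% so the path can be checked on disk. The Security key is
    # readable only by administrators, so a failure there is reported, not fatal.
    foreach ($log in $ClassicLogs) {
        try {
            $raw = (Get-ItemProperty -Path "$EventlogKey\$log" -Name File -ErrorAction Stop).File
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            [pscustomobject]@{
                Log = $log; RawValue = $raw; Path = $expanded
                Exists = Test-Path -LiteralPath $expanded
            }
        } catch {
            [pscustomobject]@{ Log = $log; RawValue = $null; Path = $null; Exists = $false }
        }
    }
}

function Set-EventLogFilePath {
    param(
        [Parameter(Mandatory)][ValidateSet('Application', 'Security', 'System')][string]$Log,
        [Parameter(Mandatory)][string]$Directory   # e.g. the article's 'D:\1\2\3\4\5\6\7'
    )
    # Refuse to point a log at a directory that is not there yet: the Event Log
    # service could not create the file and the log would silently stop.
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        throw "Target directory '$Directory' does not exist; create it first."
    }
    $current = (Get-ItemProperty -Path "$EventlogKey\$Log" -Name File -ErrorAction Stop).File
    $newPath = Join-Path $Directory (Split-Path -Leaf $current)   # keep the original file name
    # Write back as REG_EXPAND_SZ, matching the type of the default value.
    New-ItemProperty -Path "$EventlogKey\$Log" -Name File -Value $newPath `
        -PropertyType ExpandString -Force | Out-Null
    Write-Warning "$Log log now configured at $newPath; copy the existing file there and reboot."
    return $newPath
}

# Usage:
#   Get-EventLogFilePath | Format-Table -AutoSize
#   Set-EventLogFilePath -Log Application -Directory 'D:\1\2\3\4\5\6\7'
#   Get-EventLogFilePath | Format-Table -AutoSize   # confirm before rebooting
```

Give the new directory permissions no weaker than those on the default config folder; otherwise relocating the logs weakens protection instead of adding to it.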
With this, we have added another layer to the protection already provided by the firewall, anti-virus software and trojan detection software installed on the system. Although relocating the log files cannot protect the system completely, it is well worth trying against intruders who go after the logs!