KFSensor

 

Event Log Alerts

Use the Event Log Alerts dialog box to configure the sending of alerts to a Windows Event Log.

In addition to recording events in the event log and providing audio and system tray alerts, KFSensor is able to add events to the local machine's Event Log.

This option is not available on Windows 98 and Windows Me.

The Event Log is used to record events such as the starting of services and audit failures on the local machine.
The KFSensor server always records its start up and shut down events to the Event Log.

There are two advantages to recording intrusion events to the Event Log:
  1. The Event Log may be viewed from another computer, provided the user has the correct permissions.
  2. There are applications that monitor the Event Logs on a network to provide unified reporting of events.

The Alerts section of the Concepts part of the manual describes the different alert options in more detail.

Event Log

  • Enable
    If this option is checked, the Event Log alert feature is enabled, and the rest of the settings must contain correct values for the alerts to work.
  • Max Binary
    An event in the Event Log can contain a binary block of data in addition to the message itself.
    KFSensor will add the received data as the event's binary field. This setting limits the amount of data that can be stored in this field.

Filter

These options are used to restrict the number of events sent so as not to overload your Event Log.
  • Severity
    This limits the sending of alerts based on the severity of the event.
    For example, if set to Medium, only events with a Medium or High severity will generate alerts.

Buttons

To display the KFSensor events correctly, the Event Log needs to be configured with the location of a special message file, which contains the text for the events.
This is done automatically as part of the KFSensor installation. It can also be done using these controls.
  • Configure
    Configures the Event Log to recognize KFSensor messages.
  • Remove
    Removes the ability of the Event Log to recognize KFSensor messages.
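
One way to confirm that the message file registration is in place is the PowerShell check below. It is an added example, not part of KFSensor or its manual. The source name is a placeholder (use the name shown for KFSensor entries in Event Viewer), and the script relies only on the standard Windows layout in which each event source is a subkey of a log under the EventLog service key with an EventMessageFile value.

```powershell
# Added example, not KFSensor code. $Source is a placeholder: replace it with
# the source name shown for KFSensor entries in Event Viewer on the sensor.
param(
    [string]$Source    = '<KFSensor event source name>',
    [int]   $MaxEvents = 20
)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

# Each log (Application, System, ...) holds one subkey per registered source.
$reg = Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
    $key = "$root\$($_.PSChildName)\$Source"
    if (Test-Path -LiteralPath $key) {
        [pscustomobject]@{ Log = $_.PSChildName; Key = $key }
    }
} | Select-Object -First 1

if (-not $reg) {
    Write-Warning "Source '$Source' is not registered with any Event Log; event text will not be displayed."
    return
}

# EventMessageFile may contain environment variables and several
# files separated by ';'. Report each one and whether it exists on disk.
$value = (Get-ItemProperty -LiteralPath $reg.Key).EventMessageFile
$files = @($value -split ';' | Where-Object { $_ })
if ($files.Count -eq 0) {
    Write-Warning "Source '$Source' has no EventMessageFile value under $($reg.Key)."
}
foreach ($f in $files) {
    $path  = [Environment]::ExpandEnvironmentVariables($f)
    $state = if (Test-Path -LiteralPath $path) { 'OK' } else { 'MISSING' }
    '{0,-8} {1}' -f $state, $path
}

# List recent events from the source. An empty Message means the Event Log
# could not resolve the text from the message file.
Get-WinEvent -FilterHashtable @{ LogName = $reg.Log; ProviderName = $Source } `
             -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'HasText'; Expression = { [bool]$_.Message } }
```

Run it on the sensor machine after using Configure or Remove; reading some log keys may require an elevated prompt.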
