Author: 111wen_292 | Source: Internet | 2023-05-17 22:21
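My machine is named QUINTUS. NONUS is a machine in the same server room. I found a large number of log entries like this. Have I been compromised? I have Remote Desktop enabled. The NONUS machine is a print server. Could these log entries have been generated when I was printing? Was it me accessing NONUS, rather than it accessing me?!!!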
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 2007-5-20
Time: 15:15:55
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: QUINTUS
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x2BA7417)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: NONUS
Logon GUID: {00000000-0000-0000-0000-000000000000}
7 solutions
Then how do I tell it apart from a normal login to the machine?
Below is the log entry from when I logged in with my account:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 2007-5-20
Time: 17:56:06
User: QUINTUS\Chen Wang
Computer: QUINTUS
Description:
Successful Logon:
User Name: Chen Wang
Domain: QUINTUS
Logon ID: (0x0,0x13403)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: QUINTUS
Logon GUID: {00000000-0000-0000-0000-000000000000}
User Name:Chen Wang // user name cheng wang
Domain:QUINTUS domain //QUINTUS
Logon ID:(0x0,0x13403)
Logon Type:2
Logon Process:User32
Authentication Package:Negotiate
Workstation Name:QUINTUS //workgroup name
It's roughly clear by now. Remote logons are recorded; for example, the logon user name, access time, and audit time can all be seen.
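As an added example (not part of the original thread): a small Python parser for the Event Viewer text format quoted above, separating the anonymous NTLM network logon (Event ID 540, Logon Type 3) from the interactive logon (Event ID 528, Logon Type 2). The sample text is constructed from the two records in the thread, and the names `parse_events` and `triage` are hypothetical.

```python
import re

# Logon types as documented for Windows security logon events.
LOGON_TYPES = {"2": "interactive (console)", "3": "network",
               "10": "remote interactive (RDP)"}

# Constructed sample: the two records from the thread, abbreviated.
SAMPLE = """\
Event Type: Success Audit
Event ID: 540
User: NT AUTHORITY\\ANONYMOUS LOGON
Computer: QUINTUS
User Name:
Logon Type: 3
Workstation Name: NONUS
Event Type: Success Audit
Event ID: 528
User: QUINTUS\\Chen Wang
Computer: QUINTUS
User Name: Chen Wang
Logon Type: 2
Workstation Name: QUINTUS
"""

def parse_events(text):
    """Split an Event Viewer text dump into one dict per record."""
    events = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*:\s*(.*)$", line)
        if not m:
            continue
        if m.group(1) == "Event Type":   # each record starts with this field
            events.append({})
        if events:
            events[-1][m.group(1)] = m.group(2).strip()
    return events

def triage(ev):
    """Return (source host, logon kind, note) for one logon event."""
    kind = LOGON_TYPES.get(ev.get("Logon Type"), "other")
    src = ev.get("Workstation Name", "")  # machine that initiated the logon
    anon = ev.get("User", "").upper().endswith("ANONYMOUS LOGON")
    if ev.get("Event ID") == "540" and anon:
        note = "anonymous network session opened by %s on %s" % (src, ev.get("Computer"))
    elif ev.get("Logon Type") in ("2", "10"):
        note = "user session for %s" % ev.get("User Name")
    else:
        note = "review"
    return src, kind, note
```
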