Good List of Regulatory Requirements for Logging
My friend Dr. Tina Bird has put together a good list of regulatory requirements that pertain to logging and log retention.
Comments
Anonymous
July 23, 2007
Sorry, this is unrelated and depends on technical support. I want to know if you could link in a future post to event logging support resources (newsgroup, FAQs, etc.). I'm encountering system event log corruption and I want to obtain help, information and support for it. Regards,
Anonymous
July 23, 2007
Hey Sebastian, I have a post on my sources here: http://blogs.msdn.com/ericfitz/archive/2007/02/06/where-do-i-get-my-information-on-windows-auditing.aspx
But our main support page is here: http://support.microsoft.com/
The main support page has links to our FAQs, knowledge base, and our communities site, which in turn has our newsgroups, etc. Best regards, Eric
Anonymous
July 24, 2007
Thanks for those. I read them already but haven't found any topics regarding log integrity. I keep on searching.
Anonymous
July 24, 2007
Here you go: http://support.microsoft.com/kb/172156
There are a couple of bugs that resulted in an erroneous corrupt event log file message; you can find these in the Knowledge Base, but they are older issues on Windows 2000 and Windows XP, and if you're running recent service packs then those are probably not your problem. The event log team does not publish the evt file format specification, so there is not much else you can do except delete the log files (or move them elsewhere). You could examine them with a hex editor, I suppose, but since they're in a binary format they're not very readable.