BKWNTEVT.RVW   981101

"Windows NT Event Logging", James D. Murray, 1998, 1-56592-514-9,
U$32.95/C$48.95
%A   James D. Murray
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1998
%G   1-56592-514-9
%I   O'Reilly & Associates, Inc.
%O   U$32.95/C$48.95 707-829-0515 fax: 707-829-0104 nuts@ora.com
%P   316 p. + CD-ROM
%T   "Windows NT Event Logging"

I have a SCSI drive. For some reason this fact generates an event every
time I start my NT machine.

Event logging and auditing play a role at least as central to data
security as does encryption. At one time I worked for an outfit whose
product was the basis of a theft retrieval system. Obviously our data did
not age well, so event traps were written to alert the system
administrator as soon, and in as many different ways, as possible. At the
moment I am reviewing a product that is failing in a very consistent
manner. Unfortunately, I can't get enough information about the manner,
because I haven't yet found an event log that gets written in regard to
this problem.

Administrators of mini and larger machines, and of course all security
mavens, will be well familiar with the concept of event logging, although
many desktop users and support people will be new to the idea. Murray has
written a valuable, though not easy, book to cover the issue.

Chapter one explains what event logging is, and how it is used in
troubleshooting, resource tracking, and security. It also provides details
of the WinNT event logs, and their use. The event logging service and its
functions are treated in chapter two. Event Viewer operation is detailed
in chapter three, complete with a list of annoyances and limitations.
Chapter four goes into considerable detail regarding security auditing,
and discusses the famous (or infamous) C-2 security standards. Chapter
five provides programmers with details of the Event Logging API
(Application Programming Interface). Event logs themselves do not hold
messages as such, and so message files must be created, as is outlined in
chapter six. You may wish to access the event logs outside of the
standard Event Viewer application, so chapter seven provides sample code
to indicate how this is done. Reporting events is covered for a variety
of languages in chapter eight.

The appendices contain much useful information. A has a list of
resources for further information. A number of them are quite generic,
but there is a compendium of useful titles of interest in the Microsoft
Knowledge Base. Event logging under Windows for Workgroups is covered in
B. WinNT security events are detailed in C. D provides a description of
the DumpEl utility. Kernel mode logging is described in E.

Although I had many reasons to be personally interested in the topic, I
must say that I found the book very heavy going. In addition the
structure, while not disorganized, sometimes seems to lack focus, and the
reader needs to go to a number of chapters to find information on a
single topic. Whatever its minor faults, however, this work contains
significant data and advice on a very important topic for programmers,
support people, administrators, and, yes, even users. (Besides, how can I
resist a book illustrated with a Castor canadensis on the cover?)

copyright Robert M. Slade, 1998
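The review's remark about chapters six and seven, that an NT event log does not hold message text and that the records can be read outside Event Viewer, is worth seeing in working code. The following is an added example written for this page; it is not from the book, from the review, or from Microsoft. It serialises and parses records in the layout of the Win32 EVENTLOGRECORD structure (the 56-byte fixed header followed by source name, computer name, insertion strings, data, padding and a trailing copy of the length), then rebuilds the displayed text from a table that stands in for a message file. The two records, the source and computer names, the event codes and the message templates are constructed sample values, not data from any real machine or from the book.

```python
import struct
from datetime import datetime, timezone

# Fixed head of EVENTLOGRECORD, little-endian: Length, Reserved (signature),
# RecordNumber, TimeGenerated, TimeWritten, EventID, EventType, NumStrings,
# EventCategory, ReservedFlags, ClosingRecordNumber, StringOffset,
# UserSidLength, UserSidOffset, DataLength, DataOffset.
HEADER_FMT = "<IIIIIIHHHHIIIIII"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 56 bytes
ELF_LOG_SIGNATURE = 0x654C664C            # the "LfLe" marker every record carries

EVENT_TYPES = {0: "Success", 1: "Error", 2: "Warning", 4: "Information",
               8: "Audit Success", 16: "Audit Failure"}

# Constructed stand-in for a message file. The text lives here, not in the
# log: a real source ships these templates in a resource DLL registered as
# its EventMessageFile, and %1, %2, ... mark where insertion strings go.
MESSAGE_TABLE = {
    7000: "The %1 service failed to start due to the following error: %2",
    6005: "The Event log service was started.",
}


def _utf16z(s):
    """NUL-terminated UTF-16LE, the encoding the log uses for names and strings."""
    return s.encode("utf-16-le") + b"\x00\x00"


def _read_utf16z(buf, pos):
    """Read one NUL-terminated UTF-16LE string at pos; return (text, next pos)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string at offset %d" % pos)
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2


def build_record(record_number, timestamp, event_id, event_type,
                 source, computer, strings, data=b""):
    """Serialise one record (no user SID) for the constructed sample log."""
    names = _utf16z(source) + _utf16z(computer)
    string_offset = HEADER_SIZE + len(names)       # a SID would sit here
    strings_blob = b"".join(_utf16z(s) for s in strings)
    data_offset = string_offset + len(strings_blob)
    body = names + strings_blob + data
    length = HEADER_SIZE + len(body) + 4           # +4 for the trailing Length
    pad = (-length) % 4                            # records are DWORD aligned
    length += pad
    head = struct.pack(HEADER_FMT, length, ELF_LOG_SIGNATURE, record_number,
                       timestamp, timestamp, event_id, event_type, len(strings),
                       0, 0, 0, string_offset, 0, string_offset, len(data),
                       data_offset)
    return head + body + b"\x00" * pad + struct.pack("<I", length)


def parse_record(buf, offset=0):
    """Decode the record at offset; return (fields, offset of the next record)."""
    (length, sig, recnum, t_gen, _t_written, event_id, etype, nstrings, category,
     _flags, _closing, str_off, _sid_len, _sid_off, data_len,
     data_off) = struct.unpack_from(HEADER_FMT, buf, offset)
    if sig != ELF_LOG_SIGNATURE:
        raise ValueError("bad record signature at offset %d" % offset)
    if struct.unpack_from("<I", buf, offset + length - 4)[0] != length:
        raise ValueError("trailing length mismatch: record truncated or corrupt")
    source, pos = _read_utf16z(buf, offset + HEADER_SIZE)
    computer, pos = _read_utf16z(buf, pos)
    strings, pos = [], offset + str_off
    for _ in range(nstrings):
        s, pos = _read_utf16z(buf, pos)
        strings.append(s)
    return {
        "record_number": recnum,
        "time_generated": datetime.fromtimestamp(t_gen, timezone.utc),
        "event_id": event_id,
        "event_code": event_id & 0xFFFF,  # low word; high bits carry severity/facility
        "event_type": EVENT_TYPES.get(etype, "Unknown(%d)" % etype),
        "category": category,
        "source": source,
        "computer": computer,
        "strings": strings,
        "data": bytes(buf[offset + data_off:offset + data_off + data_len]),
    }, offset + length


def parse_log(buf):
    """Walk back-to-back records, the shape ReadEventLog hands back."""
    records, offset = [], 0
    while offset < len(buf):
        rec, offset = parse_record(buf, offset)
        records.append(rec)
    return records


def render_message(rec, table=MESSAGE_TABLE):
    """Rebuild the displayed text from template plus insertion strings."""
    template = table.get(rec["event_code"])
    if template is None:
        return None                     # what Event Viewer shows as a missing description
    for i, s in reversed(list(enumerate(rec["strings"], 1))):  # %10 before %1
        template = template.replace("%%%d" % i, s)
    return template


# Constructed sample log: two records dated 1 Nov 1998 00:00 UTC, no real host.
SAMPLE_LOG = (
    build_record(1, 909878400, 0xC0000000 | 7000, 1, "Service Control Manager",
                 "NTBOX", ["Example Service",
                           "The system cannot find the file specified."])
    + build_record(2, 909878460, 6005, 4, "EventLog", "NTBOX", [])
)

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec["time_generated"], rec["source"], rec["event_type"],
              rec["event_code"], render_message(rec) or "<no message file>")
```

Deleting the entry for 7000 from MESSAGE_TABLE and rerunning shows the point the review makes: the record still parses, with its source, type and insertion strings intact, but the human-readable sentence is gone, which is exactly what happens when a source's message DLL is missing on the machine doing the viewing. The trailing-length check is the cheapest sanity test on a record pulled from a damaged or truncated log file.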