How To Use The Windows Event Viewer For Cyber Security Audit
HTML-код
- Опубликовано: 30 июл 2024
- How do you view system event logs on a Windows operating system?
Start learning Cybersecurity today! ➡️ www.cybertrainingpro.com/
In technology jobs, there is an overwhelming pressure to aggregate event logs for all systems in a single location. What happens when we have a security incident or need to troubleshoot an individual system that might not be connected to the network? With the Windows Event Viewer, we can view the local events even if the system is isolated. I am not saying that you will need to do this frequently in most environments, but there will be times in your career where you need this skill.
In this video, I am going to walk you through using the Windows Event Viewer so that you can analyze an individual system’s event logs. I will also show you how to filter specific events by ID, by log, and by application for additional flexibility. Do not let this simple task hold you back in your career!
Learn About Microsoft Server: amzn.to/3ehKBpr
Windows PowerShell Cookbook: amzn.to/3fZldp5
Learn Windows PowerShell in a Month of Lunches: amzn.to/3i7TqoC
Learn PowerShell Scripting in a Month of Lunches: amzn.to/2Z6tfps
Blog Post: www.jongood.com/how-to-use-th...
Make sure to watch the rest of the series on Windows Training For Cyber Security to better prepare you for joining the industry! • Windows Training For C...
=============================
Today’s Video Sponsor
=============================
Are you interested in sponsoring content? ➡️ jongood.com/sponsor
=============================
Popular Cybersecurity Resources
=============================
Getting Started Resources & Free eBook ➡️ www.jongood.com/getstarted/
Cybersecurity Q&A ➡️ • Cyber Security Q&A
Cybersecurity Projects ➡️ • Projects (Cybersecurity)
Cybersecurity Training & Career Services ➡️ www.CyberTrainingPro.com/
=============================
Cool Tech that I Use in My Studio
=============================
Gear List ➡️ jongood.com/affiliates/amazon/
=============================
Connect with me!
=============================
LinkedIn: ➡︎ / jongoodcyber
Twitter: ➡︎ / jongoodcyber
Instagram: ➡︎ / jongoodcyber
⏰ Timecodes ⏰
0:00 How To Use The Windows Event Viewer For Cyber Security Audit
2:13 Opening the Windows Event Viewer
3:20 Alternate way to open the Windows Event Viewer
4:01 Filter Event Logs
5:15 Custom Views For Event Logs
7:05 Question of the Day (QOTD)
=============================
#WindowsEventViewer #WindowsBasics #WindowsSecurity
DISCLAIMER: I am an ambassador or affiliate for many brands referenced on the channel. As an Amazon Associate, I earn a commission from qualifying purchases.
DISCLAIMER (MUSIC): I only use royalty-free music and sound effects. Наука
Resources to Learn Windows:
-Learn About Microsoft Server: amzn.to/3ehKBpr
-Windows PowerShell Cookbook: amzn.to/3fZldp5
-Learn Windows PowerShell in a Month of Lunches: amzn.to/3i7TqoC
-Learn PowerShell Scripting in a Month of Lunches: amzn.to/2Z6tfps
I am studying for my Comptia A+ exam and this video helped me understand something I was unclear on. Thank you.
Glad it helped and you are welcome!
This video helped me understand event viewer better, thanks!
Glad it helped and you are welcome!
Me too! But I there's something I have always wondered, how do you view upload and download history on Windows 8.1 and Windows 10? Always wanted to know because of my tendencies and frequent activites 😆
Hi Jon, thank you for the video :)!
I have a question about this. The event ID 4698 and the events of schtasks i can't see them, ¿why is it not displayed in the event viewer?
Thank you!
One of the best places to start with is the official Microsoft page for the event ID: learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4698
I have another question, Jon: Under the Task Category, I don't see Logon or Special Logon. I'm only seeing User Account Man... Does this mean that no external individual has logged onto my system?
If you have logon event auditing enabled then you will see any events related to it. docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events
Very informative, thanks for sharing Jon.
Glad it was helpful!
brief and precise, i didint know how to use event viewer until i saw this video
I'm glad that the video was helpful and thank you for watching!
Hi Is there any way to know what files are being copied from my laptop to a USB drive. It's timestamp and what folder or file copied... OR If copy log present in the system.
I recommend checking out this article on Microsoft: learn.microsoft.com/en-us/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices
please tell me how can i see which files did my windows defender skip during the scan with the help of event viewer or with other ways?
please explain step by step
I recommend looking at your Windows Defender logs.
Thank you Jon. That was Good!
Glad you enjoyed it!
Hello. Do you have a reference you would recommend for looking up event ID’s? Thanks
Here is the site that I recommend: www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx
@@JonGoodCyber thank you sir!
@@kcalderon03 no problem. Glad to help!
Can you tell us how can we convert the time format to UTC, for example, when we find a event Id and we have to write it in the forensic report it's very common to write the date and time in UTC format.
I recommend checking out this discussion thread: learn.microsoft.com/en-us/answers/questions/409485/event-viewer-entries-timestamp
I have a question and went to event viewer and few month ago I downloaded this application called solidworks. I deleted the application for solidworks but in the event viewer there is still a log file for SW any help? I just want to delete that log file. It’s under application and services 😭 I hate downloading school stuff on my personal gaming PC. I don’t want to clear the log I want to delete that log file***
Log files are files stored somewhere on your system so you just need to find where it's being stored and remove it. You could always clear whatever is in there too but a leftover log file isn't really impacting your system unless it's massive in size.
Hi , i have to define self 3 logging events that can be handy to trace security breachers, and who may see the logging, where is the logging stored en de data van the event,, how, who what, where why when ... i don’t understand what i should do and where should i search could you help me with one of those three, i have a bad teacher 😢
Here are two resources to get you started:
- www.beyondtrust.com/blog/entry/windows-server-events-monitor
- www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx
Hope its still relevant,i have a question to disable real time protection and find the event id(sounds simple) but when i do that the event id doesnot appear.. even when im in the local(configuration) any suggestions?
The first place I recommend referencing is the official Microsoft documentation ( learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-worldwide ).
thank you for your help...
You're welcome!
Thanks! for the video!
Regards!!!!
You are welcome! I'm glad you enjoyed the video.
Does event viewer clear it's own logons after so long or do you have to manually clear them out?
There are retention settings based on size such as overwriting oldest events first, archive when full (no overwrite), or do not overwrite. You can configure this by right clicking on the specific log (application, security, system, etc.) and select "Properties." You could also run a command with PowerShell to clear the logs, or schedule a task to do so ( docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/clear-eventlog?view=powershell-5.1 ).
@@JonGoodCyber thank you! Question- when I first downloaded event viewer I saw months of history with logons- I was looking at specifically 4624. I've been trying to see if my roommate has been accessing my profile on our shared computer. Recently, everything has been deleted. I can only see the last 2 days. I think someone went in and cleared the logs. Would event viewer suddenly start only saving the last 2 days of history by itself? Or would someone have to program it to do this? Thank you! I'm not computer savvy but I know enough to know that when one day something is there and the next it's not, it's suspicious.
@@kristinabrannon3693 If you don't have logon auditing enabled prior to that then it wouldn't store those events ( docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-logon ). Also, if logs are cleared then the system will generate an event and it will be present in the new set of logs. A really good website for referencing various Windows events is: www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624
Hello Jon, i noticed that the event viewer no longer displays the username. how can we get the username for the event logon and logoff?
What exactly do you mean it no longer displays the username? I'm assuming you're referring to the column and if that's the case then you can right click on the name of one of the columns and add whichever ones that you'd like.
Thanks for this very interesting vidéo.
Glad you enjoyed it!
good content here, trying to do forensics on a windows event log file but it is really challenging, do you have any information how i can perform a step by step detailed forensic on windows event viewer log, thanks
Unfortunately I do not have any on hand. Your best bet is to grab a good book or course because that requires you to stay up to date. Here are some resources that might help you though:
-Book on Windows Forensics: amzn.to/34LOPUK
-Course on Windows Forensics: www.pentesteracademy.com/course?id=23
@@JonGoodCyber thanks very much
Also bears mentioning that you can add MMC snap-ins to view logs on remote computers in a domain. Super convenient as an admin
Yep absolutely and thank you for sharing!
how to collect and analyze i kmow but gow to store for future forensics is nuts for 3k maschines
Storage is definitely a major issue when it comes to logs. Sometimes you have to be selective about the events and information that you collect.
Hi,
Kindly be of help, how do I perform log analysis on Windows OS and Windows server
I recommend rewatching this video as this gives you a good introduction on how to perform a log analysis.
I have come across some events that occurred during the wee hours of the morning while I was sleeping. Is there a way for me to find out its location?
Yes! Search google for the ip address and it will give you more information.
I've been thinking of making a security audit script via powershell. Eventually I'll get around to it. Know of any good open source SIEM tools?
Here are a few for you:
-AlienVault OSSIM: cybersecurity.att.com/products/ossim
-SecurityOnion: securityonion.net/
-Elk Stack: www.elastic.co/what-is/elk-stack
Yeah wazuh wazuh.com/
Siemmonster siemonster.com/
Interesting...I hadn't heard of either of those before. I'm sure like a lot of the different tools that all the cool stuff requires a subscription but at least there are some options to learn things.
@@JonGoodCyber with Wazuh all the cool stuff is available for everybody.and you can give it a quick try with the docker version documentation.wazuh.com/3.13/docker/wazuh-container.html
I 💜 this videooo...
I'm glad that you enjoyed it!
Sorry Jon, I like the way you present your videos I just assumed what you would be sharing would be more focused on what logs we would need to be investigating. For instance, the Firewall Log, the DNS log, obviously the Security log etc. Other than that, you present well, are clear and concise and can't fault you!
The purpose of this video was really to provide an introduction to using the event viewer because unfortunately audits themselves can vary a lot in what the auditor wants to see. There might be follow up videos to this but i couldn't put everything into one video since it would be way too long. Thank you for watching!
@@JonGoodCyber Appreciate the response. Please don't see this as "trolling" or anything, I just made an assumption that it was digging in to the finer detail. I can't fault your delivery though! Very good / concise. Cheers.
No worries! I appreciate the feedback because it helps me identify topics for future videos.
@@JonGoodCyber Cheers. Appreciate I came across arrogant and didn't mean to! Enjoying some of the sessions though so, please don't stop making content!
I didn't take it that way and I always appreciate feedback and comments!
After formatting/resetting the pc, will the earlier logs be visible there?
If you restart your computer the logs will still be there until cleared. Formatting a PC involves wiping the system clear and therefore you would lose the logs in that situation.
@@JonGoodCyber thanks for the really quick reply. I actually wanted to know if there's anyway we can tell that the computer has been formatted/reset before. Could you please help me in this.
No because the entire computer is wiped and would start from fresh. If just the logs are cleared though, then Windows will generate a system event saying that the logs were cleared.
Explain the concept of logging? where are they located in windows and linux? sho b w an example of failed login logging in windows event viewer
After watching this video, you'll know exactly how to review Windows events so once you've identified the event ID that you need ( www.ultimatewindowssecurity.com/securitylog/encyclopedia/ ) then it's simple to filter based on that. 4625 is log on failures.
completing case in Immersive Labs for Hafnium events.. well - we will see if this helps :D we can use only Event Viewer
Awesome...let me know how it goes!
How do you filter the result based on content of EventData?
Probably for doing this kind of search you can use LogParser 2.2 application and then run a SQL query on your event data to fetch out the content what you are looking for.
You can use XML to do some additional filtering. Here is a good article: techcommunity.microsoft.com/t5/ask-the-directory-services-team/advanced-xml-filtering-in-the-windows-event-viewer/ba-p/399761
Do you have a brother that does vjdsa out air travel by any chance
I don't know what that is but no.
Hey jon,
Sorry i am learning about this but you are my best shot at getting the proof here. Long story short, some of the veryyy imp files have been deleted from google drive and even from trash. I know who did it from my laptop when i was away, it does say I deleted it because laptop had g-drive logged in. I am in reallll trouble now. All i want is a proof that my laptop was used between X-Y dates so that i can prove my innocence. I already am down the rabbit hole and i have reached here. Please guide me if this can be done from event viewer. All i want is confirmation that laptop was used during the dates when i wasn’t around. Even better if we can see someone opened g-drive.
I recommend reviewing the audits for any logon or logoff type events on your system. You can find the event IDs required here: www.ultimatewindowssecurity.com/securitylog/encyclopedia/
Why does security SPP will occur in windows 10 & why does it completely shuts down all the applications in my system at that moment
I recommend starting out with the official Windows documentation and then possibly checking the forums to see if somebody has a similar problem with a fix. learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-security-spp
how to find unauthorised log on on windows 10 using event viewer or powershell or cmd ... whatever .. i think i am being hacked ... please help
In event viewer, you can create a custom filter for any of the logon events you would like to see. A really good resource for event IDs can be found here ( www.ultimatewindowssecurity.com/securitylog/encyclopedia/ ).
How far back can event logs go as a maximum?
If you right click the individual log in the Windows Event Viewer and select properties, you can set the retention log size so theoretically you could store unlimited events. I wouldn't recommend making this value too large because you should be offloading the logs onto a better storage method such as a SIEM and then archiving the log files.
Hey Jon, I suspected someone was on my PC uninvited. I went to look at my event viewer logs and they have been cleared! I did not do this, could you help me out? Trying to figure out when they where cleared and when someone was on my PC, gods knows whats been installed. Can anyone help?
I recommend watching this video again because I walk through how to filter event logs being cleared. If you need to go deeper into memory you will want to research a digital forensics training course.
@@JonGoodCyber I did just recently change a setting in the registerey keys. It was for processes to keep them low on windows, since I game. Could that be affecting the event viewer?
I'm not sure what you mean by you changed registry keys as clearing the logs requires a high level of privilege to perform. If the event logs are gone (cleared) then your only possible option to recover them is using digital forensics. If you cannot view the events in the event viewer and they are still there, then you don't have the right level of access.
Very informative, thanks for sharing #Jon Good. From Bangladesh
I'm glad that you enjoyed it!
Can we get the Event Log of a computer remotely ?
You certainly can: learn.microsoft.com/en-us/host-integration-server/core/how-to-select-computers-in-event-viewer1
bro i need help ... how to find unauthorised logon windows 10 !!! i thing some one is hacking me !!! please help !!
In event viewer, you can create a custom filter for any of the logon events you would like to see. A really good resource for event IDs can be found here ( www.ultimatewindowssecurity.com/securitylog/encyclopedia/ ).
@@JonGoodCyber thank you soo much
Q: I got a Kaspersky file on windows log and I cam get rid of it to install a different antivirus.
I recommend visiting the vendor's website for instructions on uninstalling the software.
Thanks Jon Good
No problem and I'm glad that you enjoyed the video!
Good Content :)
Glad you think so!
Thanks! Gotta investigate a laptop tomorrow
You are welcome! Hope it's nothing too crazy but good luck either way.
how to display those security events using c or c++ program
Great question...have you researched how to do this? I think PowerShell is still going to be the easiest method if you want a command-line option.
Hi jon good
Do i need to to be a developer to enter cyber security field
Knowing how to program and code will definitely open more opportunities for you, however not all jobs require those skills. I would check out the video I made on Programming in Cyber Security for more information ( ruclips.net/video/N8IBZJb_mDE/видео.html ).
@@JonGoodCyber thanks bro
No problem!
Nice video bro i am also an IT guy
I'm glad that you enjoyed the video and welcome!
Hi John great video,after 3 years need t know somebody all of these stuff ?
Glad it was helpful! This is information that you should know very early on in your cybersecurity journey.
@@JonGoodCyber yes but if you use splunk or siem tools you dont need this one or?
@@johnvardy9559 you are correct in that typically in most environments, this kind of stuff will be done in a SIEM tool (i.e., Splunk, LogRhythm, etc.) but you absolutely need to know how to do it on a local system too. This is especially true for any type of technical role.
I posted a comment to social media and it got someone mad. I walked away from my pc for about an hour , and when I came back I tried to log back into the social media site , I could not. My password was incorrect. I had to reset it using my phone.
Can I use the event viewer to fond out if someone logged onto my PC and did something.
I have a few :
4624 Logon
4672 Special Logon
*** SEVERAL 5379 User Account Management
5058 Other System Events
5061 System integrity
4826 Other Policy Change Events
4696 Process Creation
Is there a way to tell me if someone was on my PC remotely or how they messed with my Facebook password ?
You will find this website ( www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx ) of tremendous value. You would be able to determine if there was a remote login but you couldn't see the web application logs for Facebook itself. For Facebook, you would need to reach out directly to them because only they could review the actions taken on the site.
@@JonGoodCyber Thank You @Jon I DO appreciate it. I WILL be doing ALLOT of reading it seems over the next few days.
As for going to Facebook , I did think about doing that when he replied to my post in a public area , but figured that sense he told me outright that he did what he did with something like Facebook , I didn't want to get him even more upset at me.
I'd like to think that passwords and routers , Avast , ZoneAlarm , Windows Defender and so on , would be enough , but it seems that if someone wants to be disruptive , they will...
I AM still gonna try yo see what else I can do in order to AT LEAST make My Family feel a bit safer though...
Many times when somebody is able to access an account, it was through social engineering. That means they could have got you to click a link or provide them with information to allow them access. All the tools in the world won't do any good if you fall victim to social engineering. Keep learning about security and improving your defenses!
Hi my friend. I am trying write script for task scheduler for sending realtime all logs to telegram channel. can you help me?
I recommend checking out Google because there are plenty of tutorials out there already that came up with a simple search.
@@JonGoodCyber i checked it but only fond script for logon. But not for other events
Wow. You’re Good
Thank you and I'm glad that you enjoyed the video!
How can I filter logs by date(s)?
PowerShell might be your quickest and efficient method: social.technet.microsoft.com/Forums/lync/en-US/f552d3fa-01e8-4949-ba2b-fc172bff9175/filtering-event-logs-with-specific-date-range?forum=winserverpowershell
In the Event Viewer, you can either sort by the date column, or you could edit the XML of the actual search.
@@JonGoodCyber Nice and Thanx
Thank You very much for this grate information...!!! In my computer shows to many times the ID 4672 Special Logon and ID 4624 Logon and I don´t know if this means tha some from out side is looking my personal information or it is just a simple thing from Windows Event...!!! Will you be so nice just to let me know if this could be dangerous or not...!!! I will appreciate so mucho...!!! I send you a big hug from México City...!!! God Bless You Always...!!!
Every situation is different but I would recommend checking out the below resources on those specific event IDs to get you started in your research.
www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624
www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4672
Isn't there tools or apps that translate event viewer logs into more readable formats for us puny humans? I want to say it's something about SYS INTERNALS?
heck can ya do a video on that? Both converting errors logs into readable formats and a video on Sys Internals?
There are definitely more tools that I will be doing videos on but this particular video is to help people walk before they run. Thank you for the requests!
@@JonGoodCyber gotcha, I'll rewatch it then as maybe I missed "it" as I still jus see Event Viewer as error logs but still unsure as how to decipher them?
The Event Viewer is definitely not just for error logs. Essentially what your SIEM tool and other analysis tools do is take the raw events and make them easier to comprehend/correlate, especially at a larger scale. One important point is that we aren't just looking for failures or errors because there are successful events that should generate alerts depending on the environment. Think about if you had a production environment that operated during certain hours of the day but then all of a sudden you had people logging in at "strange" hours when nobody is around. A great resource for Windows Event IDs is this website ( www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx ).
@@JonGoodCyber gotcha, so no wonder a while back I had black screen blip for 2 secs but wasn't finding anything in Event Viewer. Thanks for the link, will check that out.
oNe
No problem!
Event Id 4740 not present in event viewer security log
If there isn't an event ID in your log then it hasn't occurred. Specifically 4740 is for user accounts being locked out.
Here is a reference article: www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4740
This is an excellent video. Is it a red flag to see several deleted events at the end of the list? My laptop is used only by me
Any time that you are missing logs or have deleted events and it wasn't authorized, then it should be a concern.
@@JonGoodCyber Wow! Thank you. Do you think that changing my IP address would help?
@@JonGoodCyber Should I also be concerned about the listening events? Does this mean that people are listening in?
Changing the IP address might help but I would recommend you get a good anti virus or anti malware software. As far as listening ports, you would have to research the ports after you scan your system with the anti virus software because they may or may not be malicious.
@@JonGoodCyber Thanks a bunch
How can I remove specific events from the event log?
That is outside the scope of this video and typically if you are trying to remove events...that's probably not for a good reason.
how can you do this using Autopsy?
The purpose of this video isn't to go deep into Windows forensics but perhaps I'll add that to the list for a future video.
@@JonGoodCyber please do. I am working on some homework for a digital forensics class and I have no Idea what I am doing. In the dark without you. Thanks mate.
How do I find an IP Address of an intruder and block payloads?
Probably for doing this kind of search you can use LogParser 2.2.. A query like below would help to find out from an IP address-
"C:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -stats:OFF -i:EVT "SELECT TimeGenerated AS Date, EXTRACT_TOKEN(Strings, 5, '|') as Username, EXTRACT_TOKEN(Strings, 6, '|') as Domain, EXTRACT_TOKEN(Strings, 8, '|') as LogonType,EXTRACT_TOKEN(strings, 9, '|') AS AuthPackage, EXTRACT_TOKEN(Strings, 11, '|') AS Workstation, EXTRACT_TOKEN(Strings, 17, '|') AS ProcessName, EXTRACT_TOKEN(Strings, 18, '|') AS SourceIP FROM 'Security.evtx' WHERE EventID = 4624 AND Username NOT IN ('SYSTEM'; 'ANONYMOUS LOGON'; 'LOCAL SERVICE'; 'NETWORK SERVICE') AND Domain NOT IN ('NT AUTHORITY') AND SourceIP = 'x.x.x.x'"
Ideally you would be using a host intrusion prevention (or detection) system such as Snort or a similar type of tool that will store that information in an easier to consume format. Complex queries using the event viewer typically isn't going to be the best path.
Can you also see who deleted files???
Sure if you turn on file system auditing but by default Windows isn't going to show you that information.
HOW TO TAKE AD AUDIT LOGS FOR 3-6 MONTHS
There is a retention setting for Windows logs that you can modify but it's based on size of the log ( helpcenter.netwrix.com/NA/Configure_IT_Infrastructure/Windows_Server/WS_Event_Log_Settings.html ). If you are in an environment using Active Directory though, a best practice would be to use a SIEM tool like Splunk to forward the logs to a central solution where you can utilize more storage. We also would want to archive the raw log files so that we can go back and review them deeper if we need to.
leaving a coment for the youtube algorithm
Thank you and I appreciate the support!
my guy
I'm glad that you enjoyed the video!
0% audio. I tried other videos and they worked.
The video definitely has audio so I would check your settings.
you missed the easiest way to open event manager. just open server manager then go to the tools in the top most section and look for event viewer. Thats it.
Like most things, there are several ways to accomplish the same objective.
@@JonGoodCyber yup one should always be open to new and easy ways.
I was hoping for explanation of the many diff types of event IDs . But I guess like most videos, we are expected to just "google it" and go into rabbit holes. OK video for learning basic EV navigation, that's all. Too much self-promo at the start. No real "cyber security" information.
This video was not meant to be an all encompassing security analysis of a system. The purpose is to teach how to use the Event Viewer because like anything in Cyber Security, there are variables that make every situation different. If you are interested in specific event IDs, there is a really good resource here ( www.ultimatewindowssecurity.com/securitylog/encyclopedia/ ). I do have future videos planned that will cover specific things to look for but we have to start with the basics. Thank you for viewing and I appreciate the feedback!
@@JonGoodCyber Thanks for your response. Looks like a very useful link, too. Thanks!
Waste of my time
Sorry to hear that but thank you for watching!
Onboard system software is dece enough
You can definitely accomplish a lot with built-in functionality and software, however external applications frequently enhance or add to that functionality. Additionally, built-in applications don't work well when you have to start looking at several, hundreds, or thousands of systems.
@@JonGoodCyber Definitely I would imagine a complex system network requires specialized software for ease of viewing
Windows tutorials without indian, a bit confusing for me ;]
I'm not sure what you mean by "without indian" but you can certainly watch the video as much as you need.
Everyone clicking on this video because someone touched something they weren't supposed to
Not everybody is doing things that they shouldn't be doing...
Sorry but this video is a joke
I am always open to feedback on how to improve content and presentation but just saying something is a joke does not help.
Thank you for this post. Some times if feels better to jump in as you just did but for trying Splunk or DeepBlueCLi
I'm glad that you enjoyed the video!