Windows NT/2000 Event Log Management and Intrusion Detection – This PowerPoint presentation focuses on how Windows NT/2000 administrators can get a handle on multiple event logs across many machines, how to interface with the UNIX syslog facility, how to build a real-time monitoring system for a heterogeneous environment using inexpensive tools, and which event log messages to look for when doing host-based intrusion detection.
You can download it from the following link: https://packetstormsecurity.com/files/download/23366/cscottSANSfinal.ppt
Source: https://packetstormsecurity.com/files/23366/cscottSANSfinal.ppt.html

