The problem with the information provided is that it's hard to tell at a glance which events are absolutely critical and which merely represent a user forgetting their password. To get a perspective on how difficult security log management can be, multiply the events that you find on one system by the number of systems on your network.
As you can see, the mountain of data quickly becomes unmanageable, and certainly makes responding to critical incidents difficult. This is a large part of the reason why some companies disable the auditing feature of Windows 2000 almost as quickly as they turn it on.
While Windows 2000 Security logs provide reams of valuable information, it’s up to you as the administrator to collect, analyze and assess the information they provide. Not only is this next to impossible in a large environment, it could easily be a full-time job all by itself.