Security Basics mailing list archives

RE: Event Viewer Monitoring Tool


From: Meidinger Chris <chris.meidinger () badenit de>
Date: Tue, 12 Aug 2003 09:01:47 +0100

Hi Alastair,

there are different methodologies to do this, but the basic one would be to
concentrate all of your logs (for example on a log server with ntsyslogd)
and then configure your syslog server to alert on specific events. 

At work what we did was write an application that dumps the event logs from
servers into a database which processes them to remove known uninteresting
events (which cuts the log size by something like 95%) and then we manually
review the rest.

So the answer is: think about your methodology, how you want to do it, then
try to implement it - it can really be quite simple if you are willing to
take a day or two and write a database or set up an intelligent log server.

badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
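The approach described above (centralise the event logs, drop a list of known-uninteresting events, alert on a few specific ones, review the remainder) is easy to sketch in code. The block below is an added example and is not code from either poster or from badenIT; the records, the suppression list, the alert rules and the per-host threshold are all constructed for illustration, and the event IDs follow the pre-Vista (NT/2000/2003) Security and System log numbering the thread's era used.

```python
"""Triage of centralised Windows event log records (added example).

Models the reply above: collect events dumped from many servers, drop a
suppression list of known-uninteresting (source, event id) pairs, route a
small set of high-value ids to an alert queue and leave everything else
for manual review. All records and rules here are constructed samples.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    source: str
    event_id: int
    level: str      # "Information", "Warning", "Error", "Audit Success", "Audit Failure"
    message: str


# Constructed sample feed: what one dump from five servers might look like.
SAMPLE_EVENTS = [
    Event("srv01", "Service Control Manager", 7036, "Information", "Print Spooler entered running state"),
    Event("srv01", "Security", 529, "Audit Failure", "Logon failure: unknown user name or bad password"),
    Event("srv02", "Security", 529, "Audit Failure", "Logon failure: unknown user name or bad password"),
    Event("srv02", "Security", 529, "Audit Failure", "Logon failure: unknown user name or bad password"),
    Event("srv02", "eventlog", 6005, "Information", "Event log service was started"),
    Event("srv03", "Security", 517, "Audit Success", "The audit log was cleared"),
    Event("srv03", "Service Control Manager", 7036, "Information", "DNS Client entered running state"),
    Event("srv04", "Disk", 7, "Error", "Bad block on \\Device\\Harddisk0"),
    Event("srv04", "Security", 528, "Audit Success", "Successful logon"),
    Event("srv05", "Security", 624, "Audit Success", "User account created"),
]

# Known-uninteresting (source, event id) pairs: routine service state changes,
# event log service start, ordinary successful logons. Assumed, not exhaustive.
SUPPRESS = {
    ("Service Control Manager", 7036),
    ("eventlog", 6005),
    ("Security", 528),
}

# Always worth a mail: audit log cleared, user account created (assumed rules).
ALERT_IDS = {517, 624}

# Logon failures are only alerted when one host accumulates several of them
# in the same batch; a single failure goes to the review pile instead.
LOGON_FAILURE_ID = 529
LOGON_FAILURE_THRESHOLD = 2


def triage(events, suppress=SUPPRESS, alert_ids=ALERT_IDS, threshold=LOGON_FAILURE_THRESHOLD):
    """Split a batch into (alerts, review, dropped_count)."""
    # First pass: count logon failures per host so the threshold rule can fire.
    failures = Counter(ev.host for ev in events if ev.event_id == LOGON_FAILURE_ID)
    alerts, review, dropped = [], [], 0
    for ev in events:
        if (ev.source, ev.event_id) in suppress:
            dropped += 1
        elif ev.event_id in alert_ids or ev.level == "Error":
            alerts.append(ev)
        elif ev.event_id == LOGON_FAILURE_ID and failures[ev.host] >= threshold:
            alerts.append(ev)
        else:
            review.append(ev)
    return alerts, review, dropped


def reduction_percent(events, dropped):
    """How much of the batch the suppression list removed."""
    return 100.0 * dropped / len(events) if events else 0.0


def format_alert_mail(alerts):
    """One tab-separated line per alert, ready to drop into a mail body."""
    return "\n".join(
        f"{ev.host}\t{ev.source}\t{ev.event_id}\t{ev.level}\t{ev.message}" for ev in alerts
    )


if __name__ == "__main__":
    alerts, review, dropped = triage(SAMPLE_EVENTS)
    print(f"dropped {dropped} of {len(SAMPLE_EVENTS)} ({reduction_percent(SAMPLE_EVENTS, dropped):.0f}%)")
    print("--- alert mail ---")
    print(format_alert_mail(alerts))
    print(f"--- {len(review)} left for manual review ---")
```

The suppression list is the part that does the work in practice: it starts empty, and every time the review pile turns up an event that is noise on every server, its (source, id) pair is added. Keep rules like the audit-log-cleared alert outside that list so a noisy day cannot quietly suppress them.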


-----Original Message-----
From: Alastair Cook [mailto:Alastair.Cook () crown uk com]
Sent: Monday, August 11, 2003 1:20 PM
To: security-basics () securityfocus com
Subject: Event Viewer Monitoring Tool


Has anyone got any suggestions for a (very) reasonably priced Event Viewer
monitoring tool?

I need it to basically look at the Event Viewer on 30 - 50 servers and mail
me important or filtered events.

I realise that one can spend thousands on this sort of software with all the
bells and whistles, but I need to keep it simple and cheap.

It's really to avoid the task of checking all individual servers manually
every day!

Many thanks, Al


