Security Basics mailing list archives
RE: Event log monitoring
From: "Kurt" <kurtbuff () spro net>
Date: Thu, 14 Oct 2004 11:59:53 -0700
Anything that can be syslogged should be. However, I'll note a couple of other particulars:

1) http://intersectalliance.com has an IIS log - to - syslog app, which I also run.
2) Set all of your infrastructure that is capable of it to syslog - switches, routers, etc.

-----Original Message-----
From: dsimcik () bentley edu [mailto:dsimcik () bentley edu]
Sent: Thursday, October 14, 2004 09:14
To: kurtbuff () spro net
Cc: security-basics () securityfocus com
Subject: RE: Event log monitoring

Thanks for answering this question so succinctly.

From a security perspective, aside from the NT Event Logs, IDS Agent monitoring, and application-specific logs, is there anything else at the OS/system level that should be logged? What would complete the picture, so to speak? The NT Event Logs leave a fair amount to be desired, IMHO.

THANKS!
DTS

David Simcik
-----------------------------------
Senior Web Developer - Web Services
Email: dsimcik () bentley edu

"Kurt" <kurtbuff () spro net>
10/13/2004 06:41 PM
Please respond to kurtbuff

To: "'Stephane Auger'" <stephaneauger () pre2post com>, <security-basics () securityfocus com>
cc: (bcc: David Simcik/Staff/Bentley)
Subject: RE: Event log monitoring

http://ntsyslog.sourceforge.net or http://intersectalliance.com/snare - will send your eventlogs to a syslog server in realtime

http://kiwisyslog.com - a very good syslog server for Windows, and if you pay for it (it's very inexpensive for the impressive quality), it'll even log to an ODBC DSN

http://mysql.com - A free SQL database server, with an ODBC interface, both Windows and *nix.

Pretty much all you need.

| -----Original Message-----
| From: Stephane Auger [mailto:stephaneauger () pre2post com]
| Sent: Tuesday, October 12, 2004 13:26
| To: security-basics () securityfocus com
| Subject: Event log monitoring
|
|
| Hey everyone,
|
| I'm looking for a practical way to monitor event logs on multiple
| servers. There are multiple subnets at multiple sites, and I have one
| main LAN to monitor everything. Is there some kind of software/batch
| file that could be installed on the servers so that the events be sent
| on my monitoring lan (a little bit like SNMP sending to a listening
| server)? Thanks!!
|
| Stephane Auger, MCP