Security Basics mailing list archives
Re: Windows event auditing and reporting
From: "List Spam" <listspam () gmail com>
Date: Wed, 5 Apr 2006 08:40:24 -0700
For a good general starter, check out the "Library" section of www.loganalysis.org. In particular, take a look at the various Event Log to Syslog translators and subsequent Syslog reporting tools. The reason I recommend conversions to Syslog is that it's a well-known and well-supported format for open-source and commercial tools of the type you're looking for. Additionally, it's the de facto logging standard for just about everything outside of the MS world, e.g. routers, switches, most IDS, Unix, etc. Once you get your logs into a generally vendor-agnostic format such as Syslog, you open up numerous options that won't be otherwise available, all the while keeping intact those options that exist on your platform of choice, such as LogParser, WMIC, EventcombMT, DUMPEL, ELOGDUMP, etc., which can still be used in conjunction with your overall log centralization, correlation, and reporting facilities.

My two cents.

RE

On 4/3/06, rs <rsmade () gmail com> wrote:
Can anyone recommend a good tool that will alert and report on Windows Event logs, especially DC logs for events such as new user accounts, changed user accounts, deleted user accounts, locked user accounts, failed login attempts, expired passwords, dormant accounts, etc.? We have looked at both S.E.L.M from GFI (reporting wasn't great) and Active Administrator from ScriptLogic (reporting was great but event criteria were not customizable, and it offers a ton of nice features that we don't necessarily need but would be paying for). Just wanted to see if there was anything else out there that someone could recommend?

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
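The kind of reporting the thread is after, as an added example that is not code from either poster: a Python script that takes Windows Security events after conversion to syslog and summarizes account creation, deletion, lockouts and repeated failed logons. The syslog line layout is an assumption (translators differ), the sample lines are constructed, and the event IDs are the pre-Vista Security log IDs.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Windows Security events after an Event Log to Syslog
# translator; the "host Security[eventid]: message" layout is an assumption.
# 624 account created, 630 account deleted, 644 locked out, 529 failed logon.
SAMPLE_SYSLOG = """\
Apr  5 08:01:12 dc01 Security[624]: User Account Created: New Account Name: jsmith Caller User Name: admin
Apr  5 08:02:40 dc01 Security[529]: Logon Failure: User Name: bjones Workstation Name: WS12
Apr  5 08:02:41 dc01 Security[529]: Logon Failure: User Name: bjones Workstation Name: WS12
Apr  5 08:02:43 dc01 Security[529]: Logon Failure: User Name: bjones Workstation Name: WS12
Apr  5 08:02:45 dc01 Security[644]: User Account Locked Out: Target Account Name: bjones
Apr  5 08:10:03 dc01 Security[630]: User Account Deleted: Target Account Name: temp01 Caller User Name: admin
Apr  5 08:11:00 dc01 Security[529]: Logon Failure: User Name: jsmith Workstation Name: WS07
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) Security\[(?P<eid>\d+)\]: (?P<msg>.*)$"
)
# Which message field names the account each event is about, per event ID.
ACCOUNT_FIELD = {624: "New Account Name", 630: "Target Account Name",
                 644: "Target Account Name", 529: "User Name"}
LABELS = {624: "account created", 630: "account deleted", 644: "account locked out"}

def parse(text):
    """Yield (event_id, account, host) for every line that matches the layout."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        eid = int(m.group("eid"))
        field = ACCOUNT_FIELD.get(eid)
        if field is None:
            continue
        acct = re.search(field + r": (\S+)", m.group("msg"))
        if acct:
            yield eid, acct.group(1), m.group("host")

def report(text, failure_threshold=3):
    """Group account-management events and flag users at/over the failure threshold."""
    events = defaultdict(list)
    failures = Counter()
    for eid, acct, host in parse(text):
        if eid == 529:
            failures[acct] += 1
        else:
            events[LABELS[eid]].append(acct)
    alerts = sorted(u for u, n in failures.items() if n >= failure_threshold)
    return {"events": dict(events), "failed_logons": dict(failures), "alerts": alerts}
```

Calling `report(SAMPLE_SYSLOG)` lists jsmith as created, temp01 as deleted, bjones as locked out, and raises an alert only for bjones, whose three failures reach the threshold.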