Full Disclosure mailing list archives

RE: Windows 2003 Logging/Log Analysis Tool


From: "Castigliola, Angelo" <ACastigliola () unumprovident com>
Date: Thu, 17 Nov 2005 14:25:40 -0500

As MadHat already suggested: for free tools I found that Snare
(http://www.intersectalliance.com/projects/index.html) was the best;
however, it lacks good notification features such as email or desktop
alerts that inform you there is a problem. You basically need to
monitor Snare's output.

EventSentry light (http://www.eventsentry.com/downloads_eslight.php) is
another free tool that will allow you to monitor one server's event logs
and will send you a scheduled daily email that summarizes events that
occurred that you specify in the filter. Not really good if you are
looking for real-time notification.

Like everyone else has suggested, it seems like the best/most common
approach to do this low-cost is to deploy a syslog server with open
source tools such as http://sourceforge.net/projects/logcheck/ to
monitor and send emails when a specific event is logged.

As for MS MOM, I believe this tool is more for monitoring the
availability of network resources and letting you know when something is
down, like Big Brother. I just got my copy of MOM and plan on deploying
it on my home LAN soon.
 
Please let me know if you do find a free tool that will monitor the Windows
event log and send out email notifications when a specific event occurs.

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident
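The approach both replies converge on (forward the Windows event log over syslog to a UNIX box, then post-process it with grep/perl or a logcheck-style filter that emails when a specific event is logged) as an added Python example; this is not code from the thread, from Snare, logcheck or EventReporter. It assumes a Snare-style tab-separated line layout for the forwarded Windows events (the field order is an approximation, not a spec), constructs its own sample syslog lines, ignores anything that is not a Windows event, and builds the notification mail without sending it. Two choices a practitioner would make are shown: rare events such as an audit-log clear or a group membership change fire a notification each time, while logon failures (529) are only reported once an account reaches a threshold, since one mail per failed logon would be noise.

```python
import re
from collections import Counter
from dataclasses import dataclass
from email.message import EmailMessage
from typing import Optional

# Windows 2003-era Security event IDs to notify on individually.
WATCHED_EVENTS = {
    517: "audit log cleared",
    624: "user account created",
    636: "member added to security-enabled local group",
}
LOGON_FAILURE = 529      # notified only as a burst, once per account
FAILURE_THRESHOLD = 3

# Syslog header followed by a tab: "<PRI>Mon DD HH:MM:SS host MSWinEventLog<TAB>..."
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>\S+?)\t(?P<rest>.*)$"
)

@dataclass
class WinEvent:
    host: str
    event_id: int
    user: str
    audit_type: str
    message: str

def parse_line(line: str) -> Optional[WinEvent]:
    """Return a WinEvent for a Snare-style Windows line, None for anything else."""
    m = SYSLOG_HEADER.match(line.rstrip("\r\n"))
    if not m or m.group("prog") != "MSWinEventLog":
        return None
    f = m.group("rest").split("\t")
    # Assumed field order after the program name (approximation of Snare output):
    # 0 criticality, 1 log name, 2 counter, 3 date/time, 4 event ID, 5 source,
    # 6 user, 7 SID type, 8 audit type, 9 computer, 10 category, 11 message
    if len(f) < 12 or not f[4].isdigit():
        return None
    return WinEvent(host=m.group("host"), event_id=int(f[4]),
                    user=f[6], audit_type=f[8], message=f[11])

def check_events(lines, watched=WATCHED_EVENTS, threshold=FAILURE_THRESHOLD):
    """logcheck-style pass over syslog lines; returns the alert strings to mail."""
    alerts = []
    failures = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                      # not a Windows event: ignore it
        if ev.event_id in watched:
            alerts.append(f"{ev.host}: event {ev.event_id} "
                          f"({watched[ev.event_id]}) user={ev.user}")
        elif ev.event_id == LOGON_FAILURE:
            key = (ev.host, ev.user)
            failures[key] += 1
            if failures[key] == threshold:   # fire once, when the threshold is hit
                alerts.append(f"{ev.host}: {threshold} logon failures "
                              f"for user={ev.user}")
    return alerts

def build_alert_mail(alerts, sender="syslog@example.invalid",
                     recipient="secops@example.invalid"):
    """Assemble the notification; smtplib.SMTP(...).send_message(msg) would send it."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[winlog] {len(alerts)} alert(s) from Windows event log"
    msg.set_content("\n".join(alerts) + "\n")
    return msg

def _snare(ts, host, counter, event_id, user, audit, category, message):
    # Build one constructed sample line in the assumed layout above.
    fields = ["1", "Security", str(counter), "Thu Nov 17 14:00:00 2005",
              str(event_id), "Security", user, "User", audit, host.upper(),
              category, message]
    return f"<13>{ts} {host} MSWinEventLog\t" + "\t".join(fields)

# Constructed sample input: one success, three failures, a process start,
# a group change, an unrelated sshd line and a truncated line.
SAMPLE_LINES = [
    _snare("Nov 17 14:02:11", "w2k3-dc1", 1021, 528, "jdoe", "Success Audit",
           "Logon/Logoff", "Successful Logon"),
    *[_snare(f"Nov 17 14:02:4{i}", "w2k3-dc1", 1022 + i, 529, "administrator",
             "Failure Audit", "Logon/Logoff", "Logon Failure") for i in range(3)],
    _snare("Nov 17 14:03:05", "w2k3-dc1", 1025, 592, "SYSTEM", "Success Audit",
           "Detailed Tracking", "A new process has been created"),
    _snare("Nov 17 14:03:30", "w2k3-dc1", 1026, 636, "jdoe", "Success Audit",
           "Account Management", "Security Enabled Local Group Member Added"),
    "<38>Nov 17 14:03:01 fw1 sshd[1234]: Accepted publickey for ops from 10.0.0.5",
    "<13>Nov 17 14:04:00 w2k3-dc1 MSWinEventLog\t1\tSecurity",
]

if __name__ == "__main__":
    found = check_events(SAMPLE_LINES)
    print(build_alert_mail(found))
```

Run against the built-in sample it produces two alerts: the third consecutive 529 for "administrator" and the 636 group change; the 528 success, the 592 process start, the sshd line and the truncated line produce nothing. In a real deployment the lines would come from the syslog file the UNIX box writes (the same stream a grep/perl post-process or logcheck reads), and the returned message would be handed to smtplib.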

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Michael
Holstein
Sent: Thursday, November 17, 2005 11:50 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows 2003 Logging/Log Analysis Tool

I'm looking for recommendations on the better log analysis
software around that is capable of generating good logs for:

    * IIS 6.0
    * NetApp NetCache 5.x
    * Microsoft ISA RRAS
 
Are there also log agents available for the system so that all the logs
are contributed to a centralized log server?

My favorite way to do this is just send it via syslog to a UNIX box,
then use grep/perl/whatever to post-process it. If you use syslog-ng you
can put the events into MySQL which opens some additional possibilities.

Best way to get Windows logs (event logs, text-based files, etc.) is
EventReporter (www.adiscon.de). It's cheap... $30/license I think.

Regards,

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/