Full Disclosure mailing list archives
RE: Windows 2003 Logging/Log Analysis Tool
From: "Castigliola, Angelo" <ACastigliola () unumprovident com>
Date: Thu, 17 Nov 2005 14:25:40 -0500
As MadHat already suggested: for free tools I found that Snare (http://www.intersectalliance.com/projects/index.html) was the best; however, it lacks good notification features such as email or desktop alerts that inform you there is a problem. You basically need to monitor Snare's output.

EventSentry Light (http://www.eventsentry.com/downloads_eslight.php) is another free tool that will allow you to monitor one server's event logs and will send you a scheduled daily email that summarizes the events you specify in the filter. Not really good if you are looking for real-time notification.

Like everyone else has suggested, it seems like the best/more common approach to do this low-cost is to deploy a syslog server with open source tools such as http://sourceforge.net/projects/logcheck/ to monitor and send emails when a specific event is logged.

As for MS MOM, I believe this tool is more for monitoring the availability of network resources and letting you know when something is down, like Big Brother. I just got my copy of MOM and plan on deploying it on my home LAN soon.

Please let me know if you do find a free tool that will monitor the Windows event log and send out email notifications when a specific event occurs.

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Michael Holstein
Sent: Thursday, November 17, 2005 11:50 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows 2003 Logging/Log Analysis Tool
I'm looking for recommendations on the better log analysis software packages around that are capable of generating good logs for:
* IIS 6.0
* NetApp NetCache 5.x
* Microsoft ISA RRAS
Are there also Log Agents available for System so that all the logs are contributed to a Centralized Log Server?
My favorite way to do this is just send it via syslog to a UNIX box, then use grep/perl/whatever to post-process it. If you use syslog-ng you can put the events into MySQL, which opens some additional possibilities.

Best way to get Windows logs (event logs, text-based files, etc.) is EventReporter (www.adiscon.de). It's cheap .. $30/license I think.

Regards,

Michael Holstein CISSP GCIA
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
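The approach Michael and Angelo describe (forward the Windows event log over syslog to a UNIX box, post-process it there, and mail someone when a specific event shows up) can be sketched in a few lines. The following is an added example, not code from any poster in this thread nor from Snare, logcheck, syslog-ng or EventReporter. It assumes a Snare-style agent writing one tab-delimited record per event into a syslog file; the field order used below is an assumption, so check it against your agent's real output before relying on it. It goes slightly beyond the thread in one respect: besides mailing on single event IDs, it counts repeated failed logons per user in a sliding window, which is what you actually want for password guessing. Event IDs 529 (logon failure: unknown user name or bad password), 644 (user account locked out) and 517 (audit log cleared) are the Windows 2000/2003 Security log IDs; the sample lines, host name and mail addresses are constructed.

```python
"""Match Windows event log records forwarded over syslog and build an
e-mail alert.  Added example; assumes a Snare-style tab-delimited layout:

  <pri>Mon DD hh:mm:ss host MSWinEventLog<TAB>crit<TAB>log<TAB>count<TAB>
  date<TAB>event_id<TAB>source<TAB>user<TAB>sid_type<TAB>type<TAB>
  computer<TAB>category<TAB>data<TAB>message

That field order is an assumption; verify it against your agent's output.
Lines are expected in time order, as they arrive from syslog.
"""
import re
import smtplib
from collections import defaultdict, deque
from datetime import datetime
from email.message import EmailMessage

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$")

# Windows 2000/2003 Security log event IDs that warrant a mail on their own.
SINGLE_SHOT = {644: "account locked out", 517: "audit log cleared"}
# event_id -> (label, hits from one user within window_seconds before alerting)
BURST = {529: ("failed logon, bad user name or password", 3, 60)}


def parse_line(line):
    """Return a dict for a Snare-style record, or None for anything else."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.group("rest").split("\t")
    if len(fields) < 14 or fields[0] != "MSWinEventLog":
        return None  # some other syslog source, e.g. sshd
    return {
        "host": m.group("host"),
        "time": datetime.strptime(fields[4], "%a %b %d %H:%M:%S %Y"),
        "event_id": int(fields[5]),
        "user": fields[7],
        "type": fields[9],
        "message": fields[13],
    }


def detect(lines, single_rules=SINGLE_SHOT, burst_rules=BURST):
    """Run the rules over syslog lines; return one alert string per hit."""
    alerts = []
    recent = defaultdict(deque)  # (event_id, user) -> timestamps inside the window
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        eid, when = ev["event_id"], ev["time"]
        stamp = f"{when:%Y-%m-%d %H:%M:%S} {ev['host']}"
        if eid in single_rules:
            alerts.append(f"{stamp}: event {eid} ({single_rules[eid]}) user={ev['user']}")
        if eid in burst_rules:
            label, threshold, window = burst_rules[eid]
            q = recent[(eid, ev["user"])]
            q.append(when)
            while (when - q[0]).total_seconds() > window:
                q.popleft()  # drop timestamps that fell out of the sliding window
            if len(q) == threshold:  # fire once, as the threshold is crossed
                alerts.append(f"{stamp}: {threshold} x event {eid} ({label}) "
                              f"for user={ev['user']} within {window}s")
    return alerts


def build_alert_mail(alerts, sender="syslog@example.org", recipient="secops@example.org"):
    """Put the alerts into one message; the addresses are placeholders."""
    msg = EmailMessage()
    msg["Subject"] = f"[eventlog] {len(alerts)} alert(s)"
    msg["From"] = sender
    msg["To"] = recipient
    msg.set_content("\n".join(alerts) or "no alerts")
    return msg


def send_alert_mail(msg, smtp_host="localhost"):
    """Hand the message to a local MTA; needs a reachable SMTP host."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


def _record(ts, eid, user, etype, message):
    """Build a constructed Snare-style sample line (layout as assumed above)."""
    return "<13>Nov 17 " + ts + " srv01 " + "\t".join([
        "MSWinEventLog", "1", "Security", "100", "Thu Nov 17 " + ts + " 2005",
        str(eid), "Security", user, "User", etype, "SRV01", "Logon/Logoff", "", message])


# Constructed sample: three bad passwords for administrator in eight seconds,
# a fourth a bit later, one success, a lockout, and an unrelated sshd line.
SAMPLE_LINES = [
    _record("14:25:01", 529, "administrator", "Failure Audit", "Logon Failure: bad password"),
    _record("14:25:05", 529, "administrator", "Failure Audit", "Logon Failure: bad password"),
    _record("14:25:09", 529, "administrator", "Failure Audit", "Logon Failure: bad password"),
    _record("14:25:20", 529, "administrator", "Failure Audit", "Logon Failure: bad password"),
    _record("14:25:30", 528, "jsmith", "Success Audit", "Successful Logon"),
    _record("14:25:31", 644, "administrator", "Success Audit", "User Account Locked Out"),
    "<13>Nov 17 14:25:32 srv01 sshd[4242]: Accepted publickey for ops from 10.0.0.5",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LINES)
    print(build_alert_mail(found))  # prints the mail; send_alert_mail(found_msg) would send it
```

Run it as-is to see the two alerts the embedded sample produces (one for the burst of 529s, one for the 644 lockout; the fourth 529 does not re-fire because the alert is raised only when the window count first reaches the threshold). To put it to work, point detect() at the syslog file the UNIX box receives from the Windows agents, either from cron over the last rotation or behind a tail -f reader, and call send_alert_mail() on the result. Nothing is mailed unless you call that function explicitly.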
Current thread:
- Windows 2003 Logging/Log Analysis Tool John Goh (Nov 17)
- Re: Windows 2003 Logging/Log Analysis Tool MadHat (Nov 17)
- Re: Windows 2003 Logging/Log Analysis Tool Michael Holstein (Nov 17)
- RE: Windows 2003 Logging/Log Analysis Tool Vernocchi, Pablo (Nov 17)
- Re: Windows 2003 Logging/Log Analysis Tool chairuou (Nov 23)
- <Possible follow-ups>
- RE: Windows 2003 Logging/Log Analysis Tool Fielder, Kevin (GE Consumer Finance) (Nov 17)
- RE: Windows 2003 Logging/Log Analysis Tool Castigliola, Angelo (Nov 17)
- RE: Windows 2003 Logging/Log Analysis Tool Vernocchi, Pablo (Nov 17)
- Re: Windows 2003 Logging/Log Analysis Tool MadHat (Nov 17)
- Re: Windows 2003 Logging/Log Analysis Tool Tom Meier (Nov 18)
- Re[2]: Windows 2003 Logging/Log Analysis Tool Mathieu CHATEAU (Nov 18)
- Re: Windows 2003 Logging/Log Analysis Tool Michael Holstein (Nov 18)
- Re: Windows 2003 Logging/Log Analysis Tool MadHat (Nov 18)