RE: Event log managment

From: Seamus Hartmann (shartmann@fujifilmesys.com)
Date: 12/12/01


From: Seamus Hartmann <shartmann@fujifilmesys.com>
To: "'Focus-ms@securityfocus.com'" <Focus-ms@securityfocus.com>
Date: Wed, 12 Dec 2001 17:19:29 -0500

Hey,

Do you want just security event logs? If so, LanGuard (www.gfi.com, right?)
will do it.

But if you want more logs than just the Security logs, you need to ask
yourself, do I want Agents on every machine? Or not?

If you don't mind the slight overhead that Agents can add to a machine, the
best event log software for NT/2000 (with agents) is ELM, or Event Log
Manager. Can be found at www.sunbelt-software.com

If you want something that DOESN'T use agents, you should look into Dorian
Software's Event Management Suite. Doesn't use agents, it polls using the
ADMIN$ share, or whatever share you customize into it.

There are other choices, like the ntsyslog
http://www.geocities.com/sabernet_net/software/ntsyslog.html
But you'll have to parse through the stuff this dumps yourself.

Grep for windows, anyone?

Anyways, those are the best, in my own, personal, very opinionated opinion.
Your mileage may vary. Use caution. Look both ways before crossing the
street.

Seamus Hartmann

-----Original Message-----
From: Garrett Murphy [mailto:garrett@eaifhe.ac.uk]
Sent: Wednesday, December 12, 2001 3:50 PM
To: focus-ms@securityfocus.com
Subject: Event log managment

So, we are advised to look at our event logs. So I am evaluating
LanGuard. This will check event logs on machines, clear the logs and
report anything strange. Has anyone out there had a look or can anyone
recommend?
 
cheers
 
garrett


