RE: Event log managment

From: McLeod, Dennis (Dennis.McLeod@Nolte.com)
Date: 12/13/01

• Previous message: Maryanne Peaslee: "Re: Lock Computer in Win2k"
• Maybe in reply to: Garrett Murphy: "Event log managment"
• Next in thread: H C: "RE: Event log managment"
• Next in thread: Colin Stefani: "RE: Event log managment"
• Reply: H C: "RE: Event log managment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "McLeod, Dennis" <Dennis.McLeod@Nolte.com>
To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Thu, 13 Dec 2001 08:57:40 -0800

We use dumpel (Resource Kit) to dump them to text files.
We then use BCP to dump the text files into a sql database.
One of our programmers wrote some code to clear the event logs.
I then use Excel to check my event logs.
I currently have a scheduled task running every morning on all my (15)
servers.
I plan on making a schduled task run every half hour, and then my database
guru will
write a stored procedure looking for events I specify.
By dumping them to SQL, we were able to turn on ALL auditing on all servers,
and be able to keep them for some length of time. (Currently 1 month).
We tried some 3rd party products (Event Analyst - Not meant for a WAN
environment), ELM (Way out of our budget), so we spent a day and figured it
out ourselves.....

-----Original Message-----
From: Garrett Murphy [mailto:garrett@eaifhe.ac.uk]
Sent: Wednesday, December 12, 2001 12:50 PM
To: focus-ms@securityfocus.com
Subject: Event log managment

So, we are advised to look at our event logs. So i am evaluating
LanGuard. This will check event logs on machines, clear the logs and
report anything strange. Has anyone out there had a look or can anyone
recomend?
 
cheers
 
garrett

---

• Previous message: Maryanne Peaslee: "Re: Lock Computer in Win2k"
• Maybe in reply to: Garrett Murphy: "Event log managment"
• Next in thread: H C: "RE: Event log managment"
• Next in thread: Colin Stefani: "RE: Event log managment"
• Reply: H C: "RE: Event log managment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Issues with store.exe and RPCServ.exe ... Please look through your event logs and let us know the ... RPCServ.exe is not on my radar on any of the servers that I ... at the running processes using task manager (as well as the daily ... having enough storage on the C: ... (microsoft.public.windows.server.sbs) RE: Event log managment ... Depending on the size of your network (how many servers), ... capabilities and budget there are some products out there that do this. ... in various ways (not only event logs). ... (Focus-Microsoft) Re: SBS Randomly Shuts Down! ... In the event logs we find the following: ... All Domain Controller Servers in use are ... not responding: ... Check your SBS with the SBS Best Practices Analyzer ... (microsoft.public.windows.server.sbs) SBS Randomly Shuts Down! ... seriously running out of ideas. ... In the event logs we find the following: ... All Domain Controller Servers in use are ... not responding: ... (microsoft.public.windows.server.sbs) Event log counts... ... I am currently working on implementing a windows syslog solution in which ... Win2k servers will dump their application/system/security event logs to a ... across all 200 of our servers?" ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-12