RE: Win2k log management

From: Jackson, Ben (DPH) (Ben.Jackson@state.ma.us)
Date: 01/29/03

    From: "Jackson, Ben (DPH)" <Ben.Jackson@state.ma.us>
    To: "Holmes, Tyran" <tholmes@ascendone.com>, jsansi@ritzfoodservice.com, defaillance@hushmail.com, focus-ms@securityfocus.com
    Date: Wed, 29 Jan 2003 10:19:57 -0500
    
    

    I gotta vote against LANGuard SELM. In our experience with it, we have to
    reinstall it every 3-4 months on the server in charge of monitoring. It
    requires MS Message Queuing, and the program seems to jam the service,
    rendering the box unusable (need to shut it down hard and reboot into safe
    mode to uninstall). Once the program is uninstalled, the service returns to
    normal. We then can reinstall the program and have it function happily for
    another 3-4 months, when the process starts all over. Very weird. I don't
    like it.

                                                                    ~Ben

    --
    Ben Jackson - Asst LAN Admin - MA Dept. of Health - Bureau of Health Stats.
    		ben.jackson@state.ma.us - bbj@innismir.net
    Sysadmining - Hours of frustration punctuated by moments of sheer terror 
    > -----Original Message-----
    > From: Holmes, Tyran [mailto:tholmes@ascendone.com] 
    > Sent: Tuesday, January 28, 2003 2:07 PM
    > To: jsansi@ritzfoodservice.com; defaillance@hushmail.com; 
    > focus-ms@securityfocus.com
    > Subject: RE: Win2k log management
    > 
    > 
    > I have attached a link to the site for Languard's/GFI SELM - 
    > Security Event Log Monitor.  We tried it and were quite 
    > pleased with its performance and configurability.
    > 
    > http://www.gfi.com/lanselm/index.html
    > 
    > I hope that helps.  There are many applications out there 
    > that do this. Try a Google search for Log Monitor or Log 
    > Manager or something along those lines.  You're bound to get 
    > a bunch of possibilities.
    > 
    > Tyran
    > 
    > -----Original Message-----
    > From: Jimmy Sansi [mailto:jsansi@ritzfoodservice.com] 
    > Sent: Friday, January 24, 2003 5:23 PM
    > To: defaillance@hushmail.com; focus-ms@securityfocus.com
    > Subject: RE: Win2k log management
    > 
    > Offhand I don't know of any specific software (although
    > I am sure some exists) you could do this cheaply and easily 
    > with perl (or your scripting language of choice) and store 
    > the event logs into a database like MySQL.
    > 
    > You mentioned having to walk over to the machine to check
    > the event logs, which you don't need to do. Using the Event 
    > Viewer MMC snap-in you can view the event logs remotely on 
    > any machine you have access privileges to.
    > 
    > -Jimmy
    > 
    > -----Original Message-----
    > From: defaillance@hushmail.com [mailto:defaillance@hushmail.com]
    > Sent: Friday, January 24, 2003 1:55 PM
    > To: focus-ms@securityfocus.com
    > Subject: Win2k log management
    > 
    > 
    > 
    > I am currently administering over 10 servers (advanced) and 20 
    > workstations (pro). The management of 
    > event/security/application logs has become unbearable, so I'm 
    > looking for a centralized management solution where the 
    > information would be gathered from server/workstation to a 
    > specific server, so the question is: Anyone aware of such a 
    > software that could do the job? Commercial or freeware, I 
    > basically just want to avoid having to walk over to check 
    > them manually.
    > 
    > also if anyone who has faced this situation is willing to 
    > share their knowledge on the subject...
    > 
    > Thanks