RE: Managing Windows Event Logs

From: Depp, Dennis M. (deppdm_at_ornl.gov)
Date: 06/23/03

  • Next message: hong li: "Windows 2000 password policy"
    Date: Mon, 23 Jun 2003 11:12:11 -0400
    To: Chuck Meeusen <cmeeusen@optonline.net>, focus-ms@securityfocus.com
    
    

    Chuck,

    We are using Event Log Manager from TNT software. It will gather the
    logs and store them in an SQL database. ELM also provides alerting
    capability although I have not used it much yet. We also have a nightly
    job that pulls the security log out of the SQL database and moves it to
    an Oracle database. This allows us to archive the security log for a
    longer period of time.

    Dennis

    >
    > -----Original Message-----
    > From: Chuck Meeusen [mailto:cmeeusen@optonline.net]
    > Sent: Friday, June 20, 2003 4:28 PM
    > To: focus-ms@securityfocus.com
    >
    > This discussion on event logs hits home for me. I'm attempting to
    > build a system of gathering and archiving the event logs from a
    > number (15 at present but must scale to 30-40) of NT and 2K
    > servers.
    > It's not pretty.
    >
    > My main source of information has been a document prepared for a
    > SANS course called "Centralizing Event Logs on Windows 2000" by
    > Greg Lalla. He scripts dumpevt.exe, which I've found to be very
    > effective, and then bcp's the CSVs into a SQL database.
    >
    > So I'm wondering what anyone else is doing to gather logs and
    > archive?
    >
    > C.
    >

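    Worked example added by the editor; it is not code from either message and
    not the SANS document Chuck cites. It does what Chuck describes (pull the
    Security log from a list of servers and bulk-load it into SQL Server) as an
    incremental job: the per-log EventRecordID is kept as a bookmark per server,
    so a re-run neither re-imports rows nor silently skips a range, and a gap
    between the bookmark and the oldest record returned is reported because it
    means the log wrapped or was cleared between pulls. Get-WinEvent stands in
    for dumpevt.exe, and System.Data.SqlClient.SqlBulkCopy stands in for bcp:
    bcp in -c mode does not unquote CSV fields, so event messages containing
    commas or newlines break a plain CSV load. The server names, state
    directory, connection string and table are placeholders.

```powershell
# Added example (editor's, not from the thread): incremental pull of the Security
# log from several servers into SQL Server. All names below are hypothetical.
$Servers      = @('srv01', 'srv02', 'srv03')                                       # hypothetical
$StateDir     = 'C:\EventLogCollector'                                              # hypothetical
$BookmarkFile = Join-Path $StateDir 'bookmarks.json'
$ConnString   = 'Server=sqlsrv\LOGS;Database=EventLogs;Integrated Security=True'   # hypothetical
$DestTable    = 'dbo.SecurityLog'
# Assumed destination table (create it once):
#   CREATE TABLE dbo.SecurityLog (Computer nvarchar(64) NOT NULL, RecordId bigint NOT NULL,
#     TimeCreated datetime2 NULL, EventId int NOT NULL, Level nvarchar(32) NULL,
#     Provider nvarchar(256) NULL, Message nvarchar(max) NULL,
#     CONSTRAINT PK_SecurityLog PRIMARY KEY (Computer, RecordId));
# The key on (Computer, RecordId) makes an accidental double import fail loudly
# instead of silently duplicating rows.

New-Item -ItemType Directory -Path $StateDir -Force | Out-Null

# Bookmarks: highest EventRecordID already stored, per server.
$bookmarks = @{}
if (Test-Path $BookmarkFile) {
    $saved = Get-Content -Path $BookmarkFile -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $bookmarks[$p.Name] = [int64]$p.Value }
}

foreach ($server in $Servers) {
    $last = if ($bookmarks.ContainsKey($server)) { $bookmarks[$server] } else { [int64]0 }

    # EventRecordID is the per-log sequence number; filtering on it is what makes
    # the pull incremental. -Oldest returns ascending order for the gap check below.
    $xpath = "*[System[EventRecordID > $last]]"
    try {
        $events = @(Get-WinEvent -ComputerName $server -LogName 'Security' `
                                 -FilterXPath $xpath -Oldest -ErrorAction Stop)
    } catch {
        # Get-WinEvent reports "no events found" as an error; that just means nothing new.
        if ($_.Exception.Message -match 'No events were found') { $events = @() }
        else { Write-Warning "$server : $($_.Exception.Message)"; continue }
    }
    if ($events.Count -eq 0) { continue }

    # Gap check: if the oldest new record is not bookmark+1, records were overwritten
    # (log wrapped) or the log was cleared. A collector that hides that defeats archiving.
    $first = $events[0].RecordId
    if ($last -gt 0 -and $first -ne ($last + 1)) {
        Write-Warning ('{0}: records {1}-{2} missing (Security log wrapped or cleared?)' -f
                       $server, ($last + 1), ($first - 1))
    }

    # Stage rows in a DataTable whose columns match the destination table.
    $dt = New-Object System.Data.DataTable
    [void]$dt.Columns.Add('Computer',    [string])
    [void]$dt.Columns.Add('RecordId',    [int64])
    [void]$dt.Columns.Add('TimeCreated', [datetime])
    [void]$dt.Columns.Add('EventId',     [int32])
    [void]$dt.Columns.Add('Level',       [string])
    [void]$dt.Columns.Add('Provider',    [string])
    [void]$dt.Columns.Add('Message',     [string])
    foreach ($e in $events) {
        $row = $dt.NewRow()
        $row.Computer    = $e.MachineName
        $row.RecordId    = $e.RecordId
        $row.TimeCreated = if ($e.TimeCreated) { $e.TimeCreated } else { [DBNull]::Value }
        $row.EventId     = $e.Id
        $row.Level       = if ($e.LevelDisplayName) { $e.LevelDisplayName } else { [DBNull]::Value }
        $row.Provider    = $e.ProviderName
        $row.Message     = if ($e.Message) { $e.Message } else { [DBNull]::Value }
        $dt.Rows.Add($row)
    }

    # SqlBulkCopy instead of bcp: typed rows go straight in, so commas and newlines in
    # Message need no CSV escaping, and a failed load throws before the bookmark moves.
    $bulk = New-Object System.Data.SqlClient.SqlBulkCopy($ConnString)
    $bulk.DestinationTableName = $DestTable
    foreach ($c in $dt.Columns) { [void]$bulk.ColumnMappings.Add($c.ColumnName, $c.ColumnName) }
    try {
        $bulk.WriteToServer($dt)
    } catch {
        Write-Warning "$server : bulk load failed, bookmark not advanced: $($_.Exception.Message)"
        continue
    } finally {
        $bulk.Close()
    }

    # Advance the bookmark only after the rows are committed.
    $bookmarks[$server] = $events[-1].RecordId
    Write-Host ('{0}: loaded {1} records ({2}-{3})' -f $server, $dt.Rows.Count, $first, $bookmarks[$server])
}

$bookmarks | ConvertTo-Json | Set-Content -Path $BookmarkFile -Encoding UTF8
```

    Run it under an account that is a member of Event Log Readers (or an
    administrator) on each target, with the remote event log RPC ports open,
    as a scheduled task whose interval is short enough that the Security log
    cannot wrap between two runs; the gap warning is the check that the
    interval and the log's maximum size are actually adequate.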