RE: Managing Windows Event Logs

From: Joseph Kim - HQ (josephkim_at_hanmi.com)
Date: 06/23/03

    Date: Mon, 23 Jun 2003 09:58:16 -0700
    To: <focus-ms@securityfocus.com>
    
    

    We've just implemented MOM (Microsoft Operations Manager). It works
    well. It gathers all of the event logs and notifies user groups based on
    rules. It works with the application logs from SQL, Exchange, and 2000.
    The most useful thing it tells me is if there is a failure with a service
    that did not start up or had a dependency failure.

    Once you get the email, there is a hyperlink which takes you to the MOM
    server. It briefly explains the event and how to fix it (if you believe
    Microsoft).

    -Joseph Kim

    -----Original Message-----
    From: Chuck Meeusen [mailto:cmeeusen@optonline.net]
    Sent: Friday, June 20, 2003 1:28 PM
    To: focus-ms@securityfocus.com
    Subject: Managing Windows Event Logs

    This discussion on event logs hits home for me. I'm attempting to build
    a system of gathering and archiving the event logs from a number (15 at
    present but must scale to 30-40) of NT and 2K servers. It's not pretty.

    My main source of information has been a document prepared for a SANS
    course called "Centralizing Event Logs on Windows 2000" by Greg Lalla.
    He scripts dumpevt.exe which I've found to be very effective and then
    bcp's the csv's into a SQL dbase.

    So I'm wondering what anyone else is doing to gather logs and archive?

    C.
