RE: Fwd: Centralizing Event Viewer Logs

Hi All,

What kind of machine your using to get 30000+ mps?

Thanks,
Hugo.
-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En
nombre de M. Burnett
Enviado el: viernes, 01 de febrero de 2008 23:25
Para: 'James Winzenz'; focus-ms@xxxxxxxxxxxxxxxxx
Asunto: RE: Fwd: Centralizing Event Viewer Logs

In a lab environment I have seen enVision go as high as 30,000+ sustained
events per second with just one collector. The thing I like best about
envision is the ability to correlate events from multiple devices and make
your own alerts from that. So if you see too many failed logins in too many
workstation event logs all at once you can be alerted.

M. Burnett



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of James Winzenz
Sent: Friday, February 01, 2008 1:33 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Fwd: Centralizing Event Viewer Logs

If we want to start comparing enterprise products, you need to add RSA
enVision to the list. The system is completely scalable in terms of
how many events per second it can handle. We have an older HA series
appliance, which can handle 7500 events per second sustained, with
burst up to 9750. Newer enterprise level appliances from RSA enVision
are simply limited by the number of collectors you purchase, with each
collector capable of 10,000 sustained events per second. Can you tell
I am biased? I love the features it has - enterprise reporting,
alerting, ability to collect from windows, syslog, IIS, SQL, Oracle,
and lots others. We haven't even tapped the potential of our system
and we are loving what we can do with it. Of course, once you get into
these products, you are talking about several hundred thousand dollars.
Not for your average Small-medium sized business.

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Nick Gage
Sent: Friday, February 01, 2008 11:26 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Fwd: Centralizing Event Viewer Logs

Check out Loglogic http://www.loglogic.com

It will handle up to 4000 mps sustained and can handle spikes up to
30000 mps.



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of James Winzenz
Sent: Friday, February 01, 2008 12:28 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Fwd: Centralizing Event Viewer Logs

IMHO, you get what you pay for.

Are you referring to this product?
http://sourceforge.net/projects/eventlogmonitor/

If so, it looks like it can only deal with windows logs. That is not
going to get you very far. If you want to know what is going on within
your network, you really need something that can handle syslog messages
as well (routers, firewalls, etc.).

Although not pertinent to the product you mentioned, I remembered
reading on GFI's website about their event log management product.
They were *boasting* that their collector could handle up to 6 million
events per hour. That boils down to a paltry 1667 events per second,
which is absolutely pathetic. A couple of core routers/firewalls could
easily overwhelm this.

James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of
ottobeli82@xxxxxxxxxxxx
Sent: Friday, February 01, 2008 9:08 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Fwd: Centralizing Event Viewer Logs

Is there someone who already tried the product SB Eventlog Monitor?

I´m thinking about starting some tests in my network (all windows, 2000
machines) centralizing all the logs in one server, but I would like to
hear from you any kind of experience with this product.

I would like to know how the product behaves concerning network
traffic, manageability and event correlation.

CONFIDENTIALITY NOTICE: This email may contain confidential and
privileged material for the sole use of the intended recipient(s). Any
review, use, distribution or disclosure by others is strictly
prohibited. If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer. Thank you.

CONFIDENTIALITY NOTICE: This email may contain confidential and
privileged material for the sole use of the intended recipient(s). Any
review, use, distribution or disclosure by others is strictly
prohibited. If you have received this communication in error, please
notify the sender immediately by email and delete the message and any
file attachments from your computer. Thank you.

Relevant Pages

  • RE: Fwd: Centralizing Event Viewer Logs
    ... Pulte Homes Information Services ... Para: 'James Winzenz'; focus-ms@xxxxxxxxxxxxxxxxx ... workstation event logs all at once you can be alerted. ... It will handle up to 4000 mps sustained and can handle spikes up to ...
    (Focus-Microsoft)
  • RE: Fwd: Centralizing Event Viewer Logs
    ... Para: 'James Winzenz'; focus-ms@xxxxxxxxxxxxxxxxx ... In a lab environment I have seen enVision go as high as 30,000+ sustained ... workstation event logs all at once you can be alerted. ... It will handle up to 4000 mps sustained and can handle spikes up to ...
    (Focus-Microsoft)