RE: Event log counts...

• Previous message: Kelly Martin: "SF new article announcement: WEP Dead Again, Part 1"
• Maybe in reply to: Ryan Murphy: "Event log counts..."
• Next in thread: Kurt: "RE: Event log counts..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: 'Ryan Murphy' <RMurphy@irvinecompany.com>, security-basics@securityfocus.com
Date: Tue, 14 Dec 2004 15:25:01 -0600

Ryan,
        We have a developer than wrote a custom app that is capturing the
logs on 47 web servers and all logs on 6 domain controllers and we are
generating approximately 2500 logs a day. Every week we generate
approximately 2 gigs worth of data, most of which is purged to make it more
manageable.

Chuck

-----Original Message-----
From: Ryan Murphy [mailto:RMurphy@irvinecompany.com]
Sent: Tuesday, December 14, 2004 11:54 AM
To: security-basics@securityfocus.com
Subject: Event log counts...

List,

I am currently working on implementing a windows syslog solution in which
Win2k servers will dump their application/system/security event logs to a
(likely Kiwi) syslog server in our environment. One of the questions that
needs to get answered in order to implement such a solution is "How many
total event log entries are we generating per minute/hour/day/week/month
across all 200 of our servers?" I'm currently at a loss as to how to answer
this question, and so I'm turning to the list for ideas. At first, I was
thinking about just picking a small representative sample of our servers,
and counting the number of events generated in a set period of time.
However, I've had a very hard time picking a small representative sample of
our overall server farm, and from my (albeit somewhat limited) research into
this avenue, there doesn't appear to be one. Is there a way that I could
query this kind of information somewhere in Windows? In the AD? NetIQ App
Manager? Do you guys know of any sort of utility that I could load that
would help me determine event counts? Should I write my own? Could I find
this information by querying WMI in a small VB app or something?

You ideas and suggestions are greatly appreciated.

Thanks,

Ryan

 
=============================
Notice to recipient: This e-mail is meant for only the intended recipient
of the transmission, and may be a confidential communication or a
communication privileged by law. If you received this e-mail in error, any
review, use, dissemination, distribution, or copying of this e-mail is
strictly prohibited. Please notify us immediately of the error by return
e-mail and please delete this message from your system. Thank you in
advance for your cooperation.

• Previous message: Kelly Martin: "SF new article announcement: WEP Dead Again, Part 1"
• Maybe in reply to: Ryan Murphy: "Event log counts..."
• Next in thread: Kurt: "RE: Event log counts..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]