Re: Windows event auditing and reporting



For a good general starter, check out the "Library" section of
www.loganalysis.org. In particular, take a look at the various Event
Log to Syslog translators and subsequent Syslog reporting tools.

The reason I recommend conversions to Syslog is that it's a
well-known and well-supported format for open-source and commercial
tools of the type you're looking for. Additionally, it's the de facto
logging standard for just about everything outside of the MS world -
e.g. routers, switches, most IDS, Unix, etc.

Once you get your logs into a generally vendor-agnostic format such as
Syslog, you open up numerous options that won't be otherwise
available, all the while keeping intact those options that exist on
your platform of choice, such as LogParser, WMIC, EventCombMT, DUMPEL,
ELOGDUMP, etc., which can still be used in conjunction with your
overall log centralization, correlation, and reporting facilities.

My two cents.

RE

On 4/3/06, rs <rsmade@xxxxxxxxx> wrote:
Can anyone recommend a good tool that will alert and report on Windows
Event logs, especially DC logs for events such as new user accounts,
changed user accounts, deleted user accounts, locked user accounts,
failed login attempts, expired passwords, dormant accounts, etc.? We have
looked at both S.E.L.M from GFI (reporting wasn't great) and Active
Administrator from ScriptLogic (reporting was great, but event criteria
were not customizable, and it offers a ton of nice features that we don't
necessarily need but would be paying for). Just wanted to see if there
was anything else out there that someone could recommend.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
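The reply's point is that once DC Security-log events are sitting in syslog, the alerting the original poster asked for (new, changed, deleted and locked-out accounts, repeated failed logons) becomes a small parsing-and-matching problem rather than a vendor feature. The script below is an added example for this thread, not code from either poster or from any of the tools named above. The Security-log event IDs it keys on are the real NT/2000/2003 IDs (624, 630, 642, 644, 529) together with their Vista/2008-and-later equivalents (4720, 4726, 4738, 4740, 4625); the syslog line layout, host name and sample log lines are constructed for the example, since each Event-Log-to-Syslog agent emits its own format, so `LINE_RE` and `NAME_RE` are the two things to adapt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Security-log event IDs for the account events the original poster listed.
# Three-digit IDs are the NT/2000/2003-era IDs; the 47xx/46xx IDs are the
# Vista/2008-and-later equivalents, so one rule set covers mixed domains.
ACCOUNT_EVENTS = {
    "624": "user account created",    "4720": "user account created",
    "630": "user account deleted",    "4726": "user account deleted",
    "642": "user account changed",    "4738": "user account changed",
    "644": "user account locked out", "4740": "user account locked out",
}
FAILED_LOGON_EVENTS = {"529", "4625"}   # unknown user name or bad password

# ASSUMPTION: a constructed line layout for this example:
#   "<Mon dd HH:MM:SS> <host> Security: <event id>: <audit type>: <message>"
# Real Event-Log-to-Syslog agents each use their own layout; adapt these two
# patterns to whatever your translator actually emits.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"Security:\s*(?P<eid>\d+):\s*(?P<kind>[^:]+):\s*(?P<msg>.*)$")
NAME_RE = re.compile(r"(?:Target Account Name|User Name):\s*([^:]+?)\s*(?::|$)")


def parse_line(line, year=2006):
    """Parse one forwarded Security-log line into a dict, or return None if
    it is not in the expected layout. BSD syslog timestamps carry no year,
    so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    name = NAME_RE.search(m["msg"])
    return {"ts": ts, "host": m["host"], "eid": m["eid"],
            "kind": m["kind"].strip(), "msg": m["msg"],
            "account": name.group(1) if name else None}


def analyze(lines, fail_threshold=3, window=timedelta(minutes=5)):
    """Return (host, event id, account, description) alerts: one per account
    management event, plus one when an account reaches fail_threshold failed
    logons inside a sliding time window (that counter resets after alerting,
    so a sustained guessing run raises one alert per threshold, not per line)."""
    alerts = []
    failures = defaultdict(deque)          # account -> timestamps of failures
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                       # not a Security-log line we understand
        if ev["eid"] in ACCOUNT_EVENTS:
            alerts.append((ev["host"], ev["eid"], ev["account"],
                           ACCOUNT_EVENTS[ev["eid"]]))
        elif ev["eid"] in FAILED_LOGON_EVENTS and ev["account"]:
            q = failures[ev["account"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # expire failures outside window
                q.popleft()
            if len(q) >= fail_threshold:
                mins = int(window.total_seconds() // 60)
                alerts.append((ev["host"], ev["eid"], ev["account"],
                               f"{len(q)} failed logons within {mins} min"))
                q.clear()
    return alerts


# Constructed sample input (not real log data), in the layout LINE_RE expects.
SAMPLE_LOG = """\
Apr  3 10:15:02 dc01 Security: 624: Success Audit: User Account Created: Target Account Name: jdoe: Caller User Name: Administrator
Apr  3 10:16:10 dc01 Security: 642: Success Audit: User Account Changed: Target Account Name: jdoe: Caller User Name: Administrator
Apr  3 10:20:01 dc01 Security: 529: Failure Audit: Logon Failure: Reason: Unknown user name or bad password: User Name: svc_backup: Domain: CORP
Apr  3 10:20:03 dc01 Security: 529: Failure Audit: Logon Failure: Reason: Unknown user name or bad password: User Name: svc_backup: Domain: CORP
Apr  3 10:20:05 dc01 Security: 529: Failure Audit: Logon Failure: Reason: Unknown user name or bad password: User Name: svc_backup: Domain: CORP
Apr  3 10:20:06 dc01 Security: 644: Success Audit: User Account Locked Out: Target Account Name: svc_backup: Caller User Name: DC01$
Apr  3 10:45:00 dc01 Security: 4726: Success Audit: A user account was deleted.: Target Account Name: tmpuser: Caller User Name: Administrator
Apr  3 11:00:00 dc01 Security: 538: Success Audit: User Logoff: User Name: jdoe: Domain: CORP
"""

if __name__ == "__main__":
    for host, eid, account, what in analyze(SAMPLE_LOG.splitlines()):
        print(f"{host} event {eid} {account}: {what}")
```

Two things the example shows that the tools discussed in the thread hide: the "expired passwords" and "dormant accounts" items from the original question are not events at all (nothing is logged when an account simply goes unused), so they need a periodic directory query rather than a log rule; and the failed-logon rule needs a window and a threshold, otherwise a single mistyped password pages someone. Feed the script the output of whatever your syslog collector writes (for example a `tail -f` of the file syslog-ng drops the DC lines into) and pipe alerts to mail or a ticketing system.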



