RE: Event Log Monitor Program

If you have the money.... (I know you are looking for an OSS/freeware, but but but) take a look at Splunk.

They have two different licensing models. One if you log more than 500 MB of data (I think), then you need to purchase a license. And if you log less than 500 MB of data, it's free although some features are missing.

Once I get an IT budget again, I'll try to get the pay version, as it's the best log analysis app I have ever seen.
Not only can you do Event viewer logs, it can also do IIS logs, Syslog etc.
We're in the housing market... and currently that's not so hot :-(

And the alerting feature is very cool, where you can setup rules to email you if a certain event is logged (guess the GFI does that too sort of).

Anyway, that's my two cents. Hopefully someone else responds and tells us that they know of a much better product for free :-)

-P

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Adam Savage
Sent: Thursday, September 20, 2007 12:11 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Event Log Monitor Program

     I'm looking for a good event log program that can consolidate all my event logs from my servers into one location. Then I can report on them and such. We purchased GFI Security Event Log Monitor but we find the program cumbersome at best and doesn't give you any insight on some of the event messages that are produced.  I'd like to know if there is a freeware/opensource solution.  I know GFI has recently come out with the Successor to SELM called EventsManager but we'd like to look into some other products that are out there first.

Any replies would be greatly appreciated.

Thank you,

Adam