Re: What to use for activity reporting?
From: Karl Levinson [x y] MVP (levinson_k@excite.com)
Date: 10/24/02
- In reply to: David Johnston: "What to use for activity reporting?"
From: "Karl Levinson [x y] MVP" <levinson_k@excite.com> Date: Thu, 24 Oct 2002 14:46:17 -0400
"David Johnston" <davidj@NO.SPAM.themembersgroup.com> wrote in message
news:#ZiIl5ueCHA.3556@tkmsftngp08...
> What are people using for activity reporting? I frequently get these
> questions from upstairs:
>
> -how many logon failures have we had over the past x days?
> -when did Mary last log on?
>
> I guess other questions in this category. I would also like to be alerted
> of suspect logon activity. Short of sifting thru volumes of event log data,
> is there something out there that has a nice front end?

You can dump selected events from the Windows event logs using the Windows
Resource Kit utility DUMPEL, or possibly the freeware utilities at
www.sysinternals.com. These utilities can be scripted to run automatically
but dump the data into a plain text CSV file which can be opened with Excel.
I would recommend running these utilities locally on the computer that
contains the log files, since running them remotely sometimes does not seem
to see all the entries. Obviously there would be no canned reports; you
would decide which entries to report on and make the reports yourself.

For monitoring and alerting I would recommend www.ipsentry.com which is
around $100 US. Again, you decide from scratch what log entries you alert
on. Or, if you prefer, you can write a batch file that runs every 5 minutes
using the DUMPEL command to dump certain log entries to a plain text file
and alert you when the dump has changed due to a new log entry. There are
free copies of files such as WAIT.EXE which can be used to pause the process
for 5 minutes or so. Search www.google.com to find them.

The Windows Resource Kit containing DUMPEL is not free, though the utilities
at www.sysinternals.com ARE free.
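
The following is an added example, not part of the original post: one way to answer the two questions in the thread (failed logons over the past x days, a user's last logon) and flag suspect activity from a CSV dump of the Security log. The column layout (date, time, event ID, user name), the sample rows, and the function names are assumptions for illustration; 528 and 529 are the successful-logon and failed-logon event IDs in the Windows NT/2000 Security log.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export (not real log data). Assumed columns:
# date, time, event ID, user name. Adjust to what your dump tool writes.
SAMPLE_CSV = """\
10/20/2002,08:01:12,528,mary
10/22/2002,23:14:05,529,mary
10/23/2002,02:10:41,529,admin
10/23/2002,02:10:44,529,admin
10/23/2002,02:10:47,529,admin
10/23/2002,08:03:30,528,mary
10/24/2002,09:15:00,529,bob
"""

LOGON_OK = "528"      # successful logon (Windows NT/2000 Security log)
LOGON_FAILED = "529"  # logon failure: unknown user name or bad password

def load_events(text):
    """Parse the CSV text into (timestamp, event_id, user) tuples."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 4:
            continue  # skip blank or truncated lines
        stamp = datetime.strptime(f"{row[0]} {row[1]}", "%m/%d/%Y %H:%M:%S")
        events.append((stamp, row[2].strip(), row[3].strip().lower()))
    return events

def failures_since(events, now, days):
    """Count failed logons per user in the `days` days up to `now`."""
    cutoff = now - timedelta(days=days)
    return Counter(u for t, e, u in events if e == LOGON_FAILED and cutoff <= t <= now)

def last_logon(events, user):
    """Return the most recent successful logon time for `user`, or None."""
    times = [t for t, e, u in events if e == LOGON_OK and u == user.lower()]
    return max(times) if times else None

def suspects(events, now, days, threshold):
    """Users whose failure count in the window reaches the alert threshold."""
    return sorted(u for u, n in failures_since(events, now, days).items() if n >= threshold)

if __name__ == "__main__":
    evs = load_events(SAMPLE_CSV)
    now = datetime(2002, 10, 24, 12, 0, 0)
    print(sum(failures_since(evs, now, 2).values()), last_logon(evs, "Mary"), suspects(evs, now, 2, 3))
```

Run on a schedule against a fresh dump, the `suspects` result can drive the alert instead of comparing whole dump files for changes.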