Educause Security Discussion mailing list archives

Re: logging windows text-based files to central logging server


From: "Nathan W. Labadie" <ab0781 () WAYNE EDU>
Date: Fri, 27 Jul 2007 12:03:37 -0400

We're currently in the process of completing an implementation of Q1
Lab's QRadar for our SIM/NBAD services. One of our next major steps is
configuring our production hosts to send logging information to the
device. Q1 currently offers a native application for Windows for
logging, but prior to that Snare was recommended. We had good luck with
Snare on the few hosts we installed it on:

http://www.intersectalliance.com/projects/index.html

Thanks,
Nate

On Friday 27 July 2007, Michael Bayne wrote:
We have a number of windows applications logging to text-based log
files (IIS, apache, app servers, etc).  We'd like to get these logs
off of the windows servers and onto our central syslog server and
CS-MARS device in a (near) real-time manner. So far, I haven't been
able to find a tool to do this reliably.  Intersect Alliance's Epilog
Agent for Windows is the best I've seen so far, but I've found it
prevents log rotation.

So, I'm curious as to what you are doing.  Are you logging these
text-based logs to a central location (syslog or otherwise)?  What
tools are you using to do so?

Thanks.

--
Nathan W. Labadie
Sr. Security Specialist
C&IT Security and Access Management
http://sam.wayne.edu
Wayne State University
http://www.wayne.edu

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
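A small forwarder of the kind the thread is asking about, added here as an illustration and not code from the list, from Snare or from Epilog: it reads newly completed lines from a text log without keeping the file open between polls, so a rotation by rename or truncate is not blocked by a held handle (the problem reported for Epilog above), notices the rotation and starts over, and emits each line as an RFC 3164 syslog datagram. The IIS log path, the collector address and the `local0`/`info` priority are assumptions.

```python
import os
import socket
import time
from datetime import datetime

# RFC 3164 priority: PRI = facility * 8 + severity (local0 = 16, info = 6).
LOCAL0, INFO = 16, 6


def syslog_line(hostname, tag, message, facility=LOCAL0, severity=INFO, now=None):
    """Format one BSD-syslog line: <PRI>Mmm dd hh:mm:ss host tag: message."""
    now = now or datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"   # day of month is space-padded
    return f"<{facility * 8 + severity}>{stamp} {hostname} {tag}: {message}"


class RotatingTail:
    """Follow a text log without pinning it: every poll opens, reads from the saved
    offset and closes again. A changed inode or a shrinking size means 'rotated'."""

    def __init__(self, path):
        self.path, self.offset, self.ino = path, 0, None

    def poll(self):
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return []                      # renamed away and not recreated yet
        if (self.ino is not None and st.st_ino != self.ino) or st.st_size < self.offset:
            self.offset = 0                # new file or truncated: read from the start
        self.ino = st.st_ino
        with open(self.path, "rb") as f:   # the handle lives only for this read
            f.seek(self.offset)
            data = f.read()
        cut = data.rfind(b"\n")            # hand back complete lines only
        if cut == -1:
            return []
        self.offset += cut + 1
        return [l.decode("utf-8", "replace") for l in data[:cut].split(b"\n")]


if __name__ == "__main__":   # assumed log path and collector, constructed for this example
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tail = RotatingTail(r"C:\inetpub\logs\LogFiles\W3SVC1\u_ex070727.log")
    while True:              # poll once a second for near-real-time delivery
        for line in tail.poll():
            msg = syslog_line(socket.gethostname(), "iis", line)
            sock.sendto(msg.encode("utf-8"), ("syslog.example.edu", 514))
        time.sleep(1)
```

The rotation check is by design simple: a truncate-and-rewrite that has already grown back past the saved offset before the next poll is not detected, which is one reason rename-style rotation is friendlier to log shippers.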