Educause Security Discussion mailing list archives
Re: logging windows text-based files to central logging server
From: "Havens, Ben" <benh () BF UMICH EDU>
Date: Mon, 30 Jul 2007 15:56:39 -0400
You don't say whether you are considering non-free options. The syslog-ng Premium Edition offers a Windows agent that interprets text logs as well as event logs.

-----Original Message-----
From: Michael Bayne [mailto:baynema () JMU EDU]
Sent: Monday, July 30, 2007 3:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] logging windows text-based files to central logging server

Thanks to the people who've responded. So far, I've heard of three tools:

1. Kiwi Secure Tunnel: unless I'm misunderstanding the product, it only provides encrypted tunneling for messages it's received from the network to another syslog server. Handy, but not what I'm needing (if I am misunderstanding what it does, let me know and I'll dig into it more).

2. Snare from Intersect Alliance: we use this currently on our Windows servers and it does a good job. It's limited, however, to only sending Windows Event logs to a syslog server. We're looking for something that'll handle all the other logs on our Windows boxes.

3. Epilog from Intersect Alliance: this is Intersect Alliance's solution for those other logs on Windows boxes. We evaluated this for several weeks and found problems with it. Our Windows application servers are configured to rotate their log files when they reach a certain size. Epilog prevented this rotation, resulting in the application group yelling at me when the log file filled up a hard drive.

Anybody else have any solutions they'd care to share? I'm trying desperately to avoid trying to write my own since my C is terribly rusty.

Thanks.

Michael Bayne wrote:
We have a number of windows applications logging to text-based log files (IIS, apache, app servers, etc). We'd like to get these logs off of the windows servers and onto our central syslog server and CS-MARS device in a (near) real-time manner. So far, I haven't been able to find a tool to do this reliably. Intersect Alliance's Epilog Agent for Windows is the best I've seen so far, but I've found it prevents log rotation. So, I'm curious as to what you are doing. Are you logging these text-based logs to a central location (syslog or otherwise)? What tools are you using to do so? Thanks.
-- Mike Bayne Security Engineer baynema () jmu edu 1.540.568.1684
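As an added example (not part of the original messages and not code from any product named in the thread), here is a minimal polling forwarder for the text-log case discussed above. It opens the log only for the duration of each read, on the assumption that a long-lived open handle is what blocks size-based rotation (the thread does not state the cause); the log path, tag and server address are constructed placeholders.

```python
import os, socket, time

FACILITY_LOCAL0, SEVERITY_INFO = 16, 6

def read_new_lines(path, offset):
    """Return (complete_lines, new_offset). The file is open only during this call."""
    try:
        size = os.path.getsize(path)
    except OSError:              # file absent mid-rotation: retry on the next poll
        return [], offset
    if size < offset:            # file shrank, so it was rotated or truncated
        offset = 0               # (a new file that outgrows the old offset between
    if size == offset:           #  polls would be missed; keep the poll interval short)
        return [], offset
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read(size - offset)
    end = chunk.rfind(b"\n") + 1  # hold back a partially written last line
    raw = chunk[:end].split(b"\n")[:-1]
    lines = [l.rstrip(b"\r").decode("utf-8", "replace") for l in raw if l.strip()]
    return lines, offset + end

def to_syslog(line, tag, host, now=None):
    """Format one log line as a BSD-syslog (RFC 3164) datagram, capped at 1024 bytes."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_INFO
    t = time.localtime(now)
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {host} {tag}: {line}".encode("utf-8")[:1024]

def forward(path, server, tag, poll=1.0):
    """Poll `path` forever, sending each new line to `server` (host, port) over UDP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    host = socket.gethostname()
    try:
        offset = os.path.getsize(path)   # start at the end: forward new lines only
    except OSError:
        offset = 0
    while True:
        lines, offset = read_new_lines(path, offset)
        for line in lines:
            sock.sendto(to_syslog(line, tag, host), server)
        time.sleep(poll)

if __name__ == "__main__":
    # Constructed placeholders: a sample log path and a documentation-range address.
    forward(r"C:\logs\app\server.log", ("192.0.2.10", 514), tag="appserver")
```

UDP syslog is unauthenticated and lossy, so a production deployment would normally add a reliable or encrypted transport between the agent and the collector.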