PaulDotCom mailing list archives

Re: Looking for some event and security log monitoring software


From: Champ Clark III <cclark () quadrantsec com>
Date: Tue, 10 Jul 2012 21:04:51 -0400

On 7/10/12 8:50 PM, anthony kasza wrote:
> Conceptually similar to SNMP, but not the same. You configure
> Splunk with a service account. Periodically, Splunk will log in to
> those designated systems and collect WMI information. The service
> account needs the proper rights and privileges to read WMI on each
> system.

Thank you. I was using SNMP-trap in my example, but that was
incorrect. SNMP is a better analogy.

That's the way I was told WMI, which I've never used, worked. How
often does polling typically take place? I assume that's configurable?

I typically don't like systems that have to manually "poll" for logs.
Hence the reason I believe loading the agent is better. However,
the downfall of that is... well... you have to load the agent... Some
organizations/people don't like that idea either.


-- 
- Champ Clark III (cclark () quadrantsec com)
  Quadrant Information Security (http://quadrantsec.com)
  Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
  GPG Key ID: 0381878A

