Security Basics mailing list archives

RE: Security log consolidation


From: "Garbrecht, Frederick" <FGarbrecht () ecogchair org>
Date: Fri, 22 Nov 2002 14:43:59 -0500

I wrote an article about some of the options and our own network
implementation of centralized logging:
http://rr.sans.org/casestudies/mixed_win.php
Hope it helps.

Fred

-----Original Message-----
From: netsec novice [mailto:netsec9 () hotmail com]
Sent: Wednesday, November 20, 2002 2:57 PM
To: security-basics () securityfocus com
Subject: Security log consolidation


I am looking for a way to consolidate the output from the security event log
from about 40+ servers.  I know there are several tools out there that
convert Event log messages to syslog and you are then able to use a single
event log server to monitor activity.  Two that I have seen are EventTracker
and also Event Reporter from Adiscon.  I have also seen Kiwi Syslog and
Winsyslog.  I'm looking to get advice from those of you out there that have
done this and can lend input on what works well and what doesn't.  Thanks
for your feedback.

N
