Security Basics mailing list archives

RE: Encrypted Automated Session from Windows Mach.?


From: Keith Bucher <kbucher () halomede com>
Date: Thu, 11 Aug 2005 09:09:12 -0700

-------- Original Message --------
Subject: Encrypted Automated Session from Windows Mach.?
From: Leo Garcia <steelerborn () yahoo com>
Date: Tue, August 09, 2005 7:35 am
To: security-basics () securityfocus com

Does anyone know of or have a good tool to run an
automated encrypted session (SCP, SFTP, Secure Tunnel,
etc...) from a Windows box to send event logs to a
syslog server? I wrote a script for UNIX but I am not
as versed in DOS in writing scripts ;--(.....

Any thoughts are welcome, thanks.

L. 


If you are just trying to copy the event log files over I would
recommend using pscp, part of the putty distribution.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

You can create a scheduled task with a command line similar to this:

c:\putty\pscp -batch -pw password c:\windows\system32\config\SecEvent.Evt user@server.com:

I would recommend using a single-purpose key.


If you are trying to translate the event log events to syslog, there is
a list of programs that do this here:

http://www.loganalysis.org/sections/syslog/windows-to-syslog/

And a good tutorial on how to use stunnel to encrypt the messages sent
to the syslog server.  (It is written to be EventReporter specific, but
the outlined technique will work with any program.)

http://www.monitorware.com/Common/en/Articles/eventlog-stunnel-syslog.php

Keith Bucher
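
Added example, not part of the original post or of PuTTY: a PowerShell wrapper for the scheduled pscp copy that authenticates with a single-purpose key instead of a password on the command line. The key path, the host key fingerprint, the server directory and the OpenSSH authorized_keys line are assumptions for illustration.

```powershell
# Added example. The key path, host key fingerprint and server directory below
# are placeholders/assumptions, not values from the original post.
$Pscp    = 'C:\putty\pscp.exe'
$Source  = 'C:\windows\system32\config\SecEvent.Evt'
$Target  = 'user@server.com:'                 # remote side; path is fixed by the server
$KeyFile = 'C:\putty\keys\evtcopy.ppk'        # hypothetical key generated only for this job
$HostKey = '<SERVER-HOST-KEY-FINGERPRINT>'    # placeholder: pin the server's host key

# Server side (assumes OpenSSH): limit what this key can do in authorized_keys, e.g.
#   restrict,command="scp -t /srv/winlogs/" ssh-rsa AAAA... evtcopy
# so a stolen key can only write files into that one directory.

foreach ($p in $Pscp, $Source, $KeyFile) {
    if (-not (Test-Path -LiteralPath $p)) { Write-Error "Missing: $p"; exit 2 }
}

# An unattended key has no passphrase, so its file ACL is the only protection.
# Group names are the English ones; adjust on localized Windows installs.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$loose = (Get-Acl -LiteralPath $KeyFile).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $broad -contains $_.IdentityReference.Value }
if ($loose) {
    Write-Error "Key file is readable by: $($loose.IdentityReference.Value -join ', ')"
    exit 3
}

$PscpArgs = @(
    '-batch'                 # never prompt; fail instead of hanging the task
    '-noagent'               # ignore Pageant, use only the key below
    '-scp'                   # matches the forced "scp -t" command on the server
    '-i', $KeyFile
    '-hostkey', $HostKey     # refuse any server key other than the pinned one
    $Source, $Target
)
& $Pscp @PscpArgs
if ($LASTEXITCODE -ne 0) {
    Write-Error "pscp failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}
```

The scheduled task then runs this script rather than pscp directly, so no credential appears in the task definition.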

