Security Basics mailing list archives

RE: Analysing Windows Syslogs


From: "Nicolas Malbranche" <nmalbranche () net2s com>
Date: Wed, 2 Aug 2006 09:43:16 -0400

When it comes to automated Windows log parsing, here we're using GFI
LANguard SELM. It's far from stellar but we couldn't find any decent
alternatives at the time (this eventReader sounds nice though): it's slow,
doesn't recognize that many events, eats resources like there's no
tomorrow, and there are a couple of implementation choices that just plain
suck (ah, the joy of receiving 3000 mail notifications for a single event
that we didn't think of filtering).

-----Original Message-----
From: jon.holvoet () pandora be [mailto:jon.holvoet () telenet be] 
Sent: Wednesday, August 02, 2006 6:07 AM
To: security-basics () securityfocus com
Cc: nmalbranche () net2s com
Subject: Re: Analysing Windows Syslogs

I can only agree on eventid.net.
And while you are there, have a look at their tool eventreader
(http://www.altairtech.ca/eventreader/) if you want a cheap
tool to automate event collection, and a direct link to their database.
If the price is already too much, you can also use Evlog
(http://www.altairtech.ca/evlog/) which is free but with
lesser functionalities.
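The flood of 3000 notifications for one unfiltered event described above is the classic failure mode of naive event-to-mail forwarding. The script below is an added example written for this archive page, not code from GFI LANguard SELM, eventReader or Evlog: it parses a small constructed export of Windows event log records, collapses repeats of the same (computer, source, event ID) into a single notification per time window with an occurrence count, and drops event IDs on an explicit suppression list. The record format (pipe-separated fields) and the sample events are constructed for the example; the event IDs 528, 529 and 7036 are used only as illustrative Windows 2000/2003-era identifiers.

```python
from datetime import datetime, timedelta

# Constructed sample, loosely modelled on a flat Security/System log export:
# timestamp|computer|source|event_id|message
# One noisy event (failed logon, ID 529) repeats 60 times within a minute on SRV01.
SAMPLE_LOG = "\n".join(
    ["2006-08-02 09:00:%02d|SRV01|Security|529|Logon failure: bad user name or password" % s
     for s in range(60)]
    + [
        "2006-08-02 09:01:05|SRV01|Security|528|Successful logon",
        "2006-08-02 09:01:07|SRV02|Security|529|Logon failure: bad user name or password",
        "2006-08-02 09:20:00|SRV01|Security|529|Logon failure: bad user name or password",
        "2006-08-02 09:21:00|SRV01|Service Control Manager|7036|Print Spooler entered the running state",
    ]
)


def parse_events(text):
    """Parse the constructed pipe-separated export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, computer, source, event_id, message = line.split("|", 4)
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "computer": computer,
            "source": source,
            "event_id": int(event_id),
            "message": message,
        })
    return events


def plan_notifications(events, window=timedelta(minutes=10), suppress=frozenset()):
    """Return one notification per (computer, source, event_id) per time window.

    A window opens at the first occurrence of a key and absorbs every repeat
    that arrives within `window`; the repeat count is carried in the
    notification instead of generating one mail per occurrence.
    Event IDs in `suppress` never produce a notification at all.
    """
    open_windows = {}   # key -> the notification currently absorbing repeats
    notifications = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] in suppress:
            continue
        key = (ev["computer"], ev["source"], ev["event_id"])
        current = open_windows.get(key)
        if current is None or ev["time"] - current["first_seen"] >= window:
            # No open window for this key, or the old one has expired: start a new one.
            current = {
                "key": key,
                "first_seen": ev["time"],
                "last_seen": ev["time"],
                "count": 0,
                "message": ev["message"],
            }
            open_windows[key] = current
            notifications.append(current)
        current["count"] += 1
        current["last_seen"] = ev["time"]
    return notifications


def format_notification(n):
    """Render a notification as the single line a mail subject or syslog entry would carry."""
    computer, source, event_id = n["key"]
    return "%s %s event %d: %d occurrence(s) between %s and %s: %s" % (
        computer, source, event_id, n["count"],
        n["first_seen"].strftime("%H:%M:%S"), n["last_seen"].strftime("%H:%M:%S"),
        n["message"],
    )


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("%d raw events" % len(evs))
    for note in plan_notifications(evs, suppress=frozenset({7036})):
        print(format_notification(note))
```

Run as written, the 64 raw events collapse to four notifications (the 60 repeated failed logons become one line with "60 occurrence(s)", the later 09:20 failure opens a fresh window because the first one expired, and 7036 is suppressed). The window length and suppression list are the two knobs worth tuning before pointing something like this at a real mail relay; a window that is too long hides a genuine change in rate, and suppression should be per event ID and source, not per source alone, or useful events get dropped with the noise.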



