Security Basics mailing list archives
RE: Analysing Windows Syslogs
From: "Nicolas Malbranche" <nmalbranche () net2s com>
Date: Wed, 2 Aug 2006 09:43:16 -0400
When it comes to automated Windows log parsing, here we're using GFI LANguard SELM. It's far from stellar, but we couldn't find any decent alternatives at the time (this EventReader sounds nice, though). It's slow, doesn't recognize that many events, eats resources like there's no tomorrow, and there's a couple of implementation choices that just plain suck (ah, the joy of receiving 3000 mail notifications for a single event that we didn't think of filtering).
-----Original Message-----
From: jon.holvoet () pandora be [mailto:jon.holvoet () telenet be]
Sent: Wednesday, August 02, 2006 6:07 AM
To: security-basics () securityfocus com
Cc: nmalbranche () net2s com
Subject: Re: Analysing Windows Syslogs

I can only agree on eventid.net. And while you are there, have a look at their tool EventReader ( http://www.altairtech.ca/eventreader/ ) if you want a cheap tool to automate event collection, and a direct link to their database. If the price is already too much, you can also use Evlog ( http://www.altairtech.ca/evlog/ ), which is free but with less functionality.
Current thread:
- Re: Analysing Windows Syslogs Ken Pedigo (Aug 01)
- <Possible follow-ups>
- RE: Analysing Windows Syslogs Hayes, Ian (Aug 02)
- Re: Analysing Windows Syslogs jon.holvoet () pandora be (Aug 02)
- RE: Analysing Windows Syslogs Nicolas Malbranche (Aug 02)