Security Basics mailing list archives
Re: Monitoring sys admins activities
From: "Champ Clark III [Softwink]" <champ () softwink com>
Date: Wed, 15 Sep 2010 15:46:51 -0400
On Wed, Sep 15, 2010 at 09:52:42AM +0300, Ali Demiröz wrote:
> You can give NtSyslog (http://sourceforge.net/projects/ntsyslog/) a try. It is a somewhat outdated open source project that creates a service that parses your system logs and sends them over syslog to a server. But I have no idea how to prevent a sysadmin from closing such a service.

I'd suggest this:

http://code.google.com/p/eventlog-to-syslog/

It is updated and works very well. Also, check out Sagan (shameless plug). It's a new (beta) SIEM I've been working on for correlating events.

-- 
Champ Clark III | Softwink, Inc | 800-538-9357 x 101
http://www.softwink.com
GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7 6AD5 0F1F 655F 58A2 A58F

If it wasn't for C, we'd be using BASI, PASAL and OBOL.

Current thread:
- Monitoring sys admins activities Juan B (Sep 14)
- Re: Monitoring sys admins activities Rolf Huisman (Sep 15)
- <Possible follow-ups>
- Re: Monitoring sys admins activities krymson (Sep 14)
- Re: Monitoring sys admins activities Fred Concklin (Sep 15)
- Re: Monitoring sys admins activities Ali Demiröz (Sep 15)
- Re: Monitoring sys admins activities Champ Clark III [Softwink] (Sep 16)