Security Basics mailing list archives

Re: Monitoring sys admins activities


From: "Champ Clark III [Softwink]" <champ () softwink com>
Date: Wed, 15 Sep 2010 15:46:51 -0400

On Wed, Sep 15, 2010 at 09:52:42AM +0300, Ali Demir?z wrote:
> You can give NtSyslog (http://sourceforge.net/projects/ntsyslog/) a
> try. It is a somewhat outdated open source project which creates a service
> that parses your system logs and sends them over syslog to a server.
> But I have no idea how to prevent a sysadmin from closing such a service.

        I'd suggest this:

        http://code.google.com/p/eventlog-to-syslog/

        It is updated and works very well. Also, check out Sagan
(shameless plug). It's a new (beta) SIEM I've been working on for
correlating events.

-- 
        Champ Clark III | Softwink, Inc | 800-538-9357 x 101
                     http://www.softwink.com

GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7  6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.
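The quoted question above (how to prevent the admin from stopping the forwarding service) has no agent-side answer, since an administrator can stop any service on the box; the collector has to notice when a host goes quiet. The following is an added example, not code from this thread or from NTSyslog, eventlog-to-syslog or Sagan: it reads constructed syslog-style records in a simple "timestamp host message" layout and reports every expected host that has never reported or has been silent longer than a chosen gap.

```python
from datetime import datetime, timedelta

# Added example, not code from the thread or from any forwarder mentioned in it.
# Constructed sample records, "<ISO timestamp> <host> <message>"; real agents
# use other layouts, so parse_line() is the one function to adapt.
SAMPLE_LOG = """\
2010-09-15T14:00:05 DC01 Security: account logon succeeded
2010-09-15T14:00:09 FS01 Security: privileged logon
2010-09-15T14:05:12 DC01 System: service state changed
2010-09-15T14:10:44 DC01 Security: account logon succeeded
2010-09-15T14:15:01 DC01 Security: account logoff
"""

def parse_line(line):
    """Return (timestamp, host) for one record, or None if malformed."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1]
    except ValueError:
        return None

def last_seen(text):
    """Map each reporting host to the newest timestamp it has sent."""
    seen = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is not None and (parsed[1] not in seen or parsed[0] > seen[parsed[1]]):
            seen[parsed[1]] = parsed[0]
    return seen

def silent_hosts(text, now_iso, max_gap_minutes, expected_hosts):
    """Expected hosts that never reported, or whose newest record is older
    than max_gap_minutes: a stopped forwarding service looks exactly like this."""
    now = datetime.fromisoformat(now_iso)
    max_gap = timedelta(minutes=max_gap_minutes)
    seen = last_seen(text)
    findings = []
    for host in sorted(expected_hosts):
        if host not in seen:
            findings.append((host, "never reported"))
        elif now - seen[host] > max_gap:
            minutes = int((now - seen[host]).total_seconds() // 60)
            findings.append((host, f"silent for {minutes} min"))
    return findings

if __name__ == "__main__":
    # Checked at 14:20 with a 10 minute tolerance: FS01 went quiet, WEB01 never reported.
    for host, why in silent_hosts(SAMPLE_LOG, "2010-09-15T14:20:00", 10, {"DC01", "FS01", "WEB01"}):
        print(f"ALERT {host}: {why}")
```

The expected-host list is the inventory the collector trusts, not anything the monitored host sends, so an admin who stops the agent still shows up as a gap.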
