PaulDotCom mailing list archives

Windows Syslog Agent


From: matt.wilbur at gmail.com (Matt Wilbur)
Date: Sun, 16 Nov 2008 19:02:49 -0800

Kiwi is great. It handles event logs great but we use another internally
developed tool to forward them from the Windows hosts. In the past I used a
free tool for this (ran as a service and forwarded security event log
entries to a syslog host), but I found it only sent about 3/4 of the entries
:)

If I remember correctly, what you need can be done with the free version.
The registered version gives you stuff like context-based sorting of logs
(e.g. if it's from 1.2.3.4, send it to 1.2.3.4.txt, or flag it, or /dev/null
it, etc.)

-matt


On Sat, Nov 15, 2008 at 2:12 PM, Bugbear <gbugbear at gmail.com> wrote:

Kiwi accepts SNMP too, in addition to syslog

Not sure how well it will work with event logs

I use it with my Cisco and ProCurve gear

Free, and the pay version is dirt cheap too

On 11/15/08, infolookup at gmail.com <infolookup at gmail.com> wrote:
I thought Splunk only runs on Linux? Does the app need to run on Windows?
If so, I heard of Kiwi Syslogger.
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: wishi <wishinet at googlemail.com>

Date: Sat, 15 Nov 2008 14:01:40
To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] Windows Syslog Agent


Did anyone mention Splunk yet?
http://www.splunk.com/


iamnowonmai wrote:
There was also a DLL floating around a few years back called evt2sys. You
might still find it. Oh heck, let me Google it now.....

https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

2008/11/14 Nick Baronian <nbaronian at gmail.com>

Check out DAD.  It is a pretty slick open-source log analysis tool for
Windows that competes with MS MOM.
http://sourceforge.net/projects/lassie/
It hasn't been updated in about a year but it is still fairly feature-rich
and definitely worth a look.  It will read the event logs via a minimally
privileged user and parse them on the backend, so an agent on each machine
isn't necessary.  It dumps them all into a MySQL db which is
accessible/searchable via a PHP web interface.

-Nick


On Fri, Nov 14, 2008 at 6:16 PM, Jonathan Moore <supermegatron at gmail.com> wrote:

On Fri, Nov 14, 2008 at 3:54 PM, Chris Merkel <cmerkel at gmail.com> wrote:
Are there any free syslog agents for Windows that will parse flat file
logs for things like DNS, DHCP, IIS (in addition to event logs) on
Windows?
Here are a couple of syslog agents that run on Windows.  Their exact
features might vary a bit from what you're asking for, but you might
find them useful.

 * Snare <http://www.intersectalliance.com/projects/SnareWindows/>
 * Datagram syslog agent <http://www.syslogserver.com/syslogagent.html>

-jon




_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


--
Sent from my mobile device
