Event Log Management

Associate
Joined
24 Jun 2007
Posts
1,869
Location
Landan.
Afternoon all,

Just wondering if any of you use an app for centrally managing event logs across Windows servers?

We have about 50+ Windows servers that we would like to keep a closer eye on. Currently I'm thinking of creating a web app myself that pulls the logs from the servers via WMI and then parses them based on whether they're transient/persistent, and interfaces with eventid.net to give useful information.

We were going to try and use Zenos but the developer who was working on it has had to spend more time on his PhD and so it's on the backburner.

Any ideas/suggestions welcome :)
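A starting point for the "pull via WMI, then parse" idea in the post above, as an added example that is not code from this thread. It assumes Windows PowerShell with remote WMI (DCOM) rights on each server; the server names are constructed placeholders.

```powershell
# Added example, not from the thread: collect the last 24h of Security-log events
# from a list of servers over WMI and summarise them so repeating (persistent)
# problems stand out from one-off (transient) ones.
$servers  = @('SRV01', 'SRV02', 'SRV03')   # constructed placeholder names
$since    = (Get-Date).AddHours(-24)
$sinceWmi = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($since)

# Win32_NTLogEvent is the WMI class behind the classic event logs. Filter on the
# server side (log name + time window) so 50 servers do not each ship their
# whole history across the wire.
$query = "SELECT ComputerName, Logfile, EventCode, SourceName, Type, TimeGenerated, Message " +
         "FROM Win32_NTLogEvent WHERE Logfile='Security' AND TimeGenerated >= '$sinceWmi'"

$events = foreach ($s in $servers) {
    try {
        Get-WmiObject -ComputerName $s -Query $query -ErrorAction Stop
    } catch {
        # A server that cannot be read is itself worth knowing about.
        Write-Warning "Could not read the Security log on ${s}: $($_.Exception.Message)"
    }
}

# The same (server, source, event ID) recurring many times is persistent;
# a single hit is probably transient. Source + EventCode are also the two
# values eventid.net is keyed on, so they are kept together in the output.
$summary = $events |
    Group-Object ComputerName, SourceName, EventCode |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Server';  e = { $_.Group[0].ComputerName } },
        @{ n = 'Source';  e = { $_.Group[0].SourceName } },
        @{ n = 'EventID'; e = { $_.Group[0].EventCode } },
        @{ n = 'Type';    e = { $_.Group[0].Type } },
        @{ n = 'Latest';  e = {
            ($_.Group | ForEach-Object { $_.ConvertToDateTime($_.TimeGenerated) } |
                Sort-Object -Descending)[0] } }

$summary | Format-Table -AutoSize
```

Change `Logfile='Security'` to `'System'` or `'Application'` to cover the other logs, or run the query once per log and concatenate the results.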
Associate
Joined
5 Feb 2009
Posts
424
Microsoft SCOM does this, doesn't it? In fact it does it a little more intelligently, in that you can create queries for specific types of event.

Not sure of price but if you are a VL customer it's likely to be v.v.v.v competitive.
 
Soldato
Joined
27 Mar 2003
Posts
2,635
A product I use is called Exaprotect. Very good piece of kit; it can not only do Windows event logs but also custom logs from other apps, including SQL databases and firewall products, plus it can have custom scripts developed for any bespoke apps that need log management and threat analysis.

It can then review the logs and identify potential threats / issues within the network/ application.

We have the entry-level version, but this is a product that is used by the likes of NASA, major banks and many of the pharmaceutical companies.

We got it primarily to help with PCI DSS compliance.

It is pricey at around 40K for the entry-level version we have, but we got a very good deal on it and paid only a fraction of the asking price.

edit: Before using this I had set up a freeware Linux system called OSSEC HIDS. This runs a little agent on the servers and logs the data back to the main OSSEC HIDS server; you can check the details here: http://www.ossec.net/
It's good just to get to grips with log management and threat detection, but we needed something a little more robust for PCI compliance, hence the purchase of the Exaprotect product.
 