RE: [logs] Syslog client alternatives for NT

From: Gibson, Jerry,, DMDCWEST (GibsonJBat_private)
Date: Tue Nov 13 2001 - 09:03:58 PST


    Hi Tina,  Had yesterday off so today is Monday #2.  Saw the reply from
    Nick@nfr but here is mine anyway..
    
    SLR will do any syslog (514/UDP).  Don't know if a mainframe is capable of
    sending syslog, or Netware either.  NT has an agent to send the event logs.
    There is an agent for Unix also but I haven't got any installed yet.  SLR
    cost around $5K; they have a 2U Intel rackmount box for it if you want - most
    PCs will work.  The NID and SLR won't work on Gateways above 600 MHz.
    
    > -----Original Message-----
    > From:	Tina Bird [SMTP:tbird@precision-guesswork.com]
    > Sent:	Friday, November 09, 2001 1:16 PM
    > To:	Gibson, Jerry,, DMDCWEST
    > Cc:	'Frank Solomon'; loganalysisat_private
    > Subject:	RE: [logs] Syslog client alternatives for NT
    > 
    > How does the SLR get the NT data?  Does it do  Netware
    > or mainframes?  And what did it cost?
    > 
    > I've been very impressed with what I've seen of it, but
    > it's a higher dollar acquisition than EventReporter...
    > 
    > On Fri, 9 Nov 2001, Gibson, Jerry,, DMDCWEST wrote:
    > 
    > > Date: Fri, 9 Nov 2001 17:33:31 -0500 
    > > From: "Gibson, Jerry,, DMDCWEST" <GibsonJBat_private>
    > > To: 'Frank Solomon' <sysfrankat_private>, loganalysisat_private
    > > Subject: RE: [logs] Syslog client alternatives for NT
    > > 
    > > I am using NFR's SLR, have several routers, load balancers, NT event logs
    > > and two firewalls logging at level "warnings".  The SLR has a discard rule
    > > that makes getting rid of unwanted messages easy.  I also have it set to
    > > alert on things like "UPDOWN" - pretty handy.   If there is time it is very
    > > fun playing with open source.   Since there isn't, having support is the
    > > best.  In my opinion :)...
    > > Cheers
    > > Jerry Gibson 
    > > 
    > > > -----Original Message-----
    > > > From:	Frank Solomon [SMTP:sysfrankat_private]
    > > > Sent:	Friday, November 09, 2001 1:39 PM
    > > > To:	loganalysisat_private
    > > > Subject:	[logs] Syslog client alternatives for NT
    > > > 
    > > > Greetings:
    > > > 
    > > > We're currently working on developing a central syslog strategy.
    > > > 
    > > > Unix boxes seem to be very little problem.  We've got every kind there
    > > > is. . .
    > > > 
    > > > We think we might be able to figure out how to trim out the garbage from
    > > > our firewall boxes; although this hasn't been proven yet.
    > > > 
    > > > We might even be able to integrate our Cisco IDS stuff, if we can ever get
    > > > that working. . .we're not sure.
    > > > 
    > > > But we're curious how others have solved the centralization of logs from
    > > > other kinds of systems.  Specifically, Windows 2000 or NT Servers, Novell
    > > > Servers running in the NDS environment, and IBM Mainframes running MVS.
    > > > 
    > > > Right now we're experimenting with some free syslog client software called
    > > > Backlog for NT.  But, it seems kind of poor in that it doesn't set the
    > > > Facility or Priority of the log messages dynamically based on the content
    > > > of the NT Event log message.  What's better?  Free or otherwise.
    > > > 
    > > > We're at a bit of a loss on Netware; it looks like the "syslog" it has
    > > > doesn't log remotely?  Or does it?  Also, apparently a lot of the data
    > > > gets squirrelled away in the NDS (directory).  Is there something that can
    > > > forward this stuff in real time to a syslog daemon somewhere?  What are
    > > > others doing?
    > > > 
    > > > The mainframe guys laughed at me when I suggested we might want them to
    > > > forward logs to a central server.  MVS when it impersonates Unix does have
    > > > a syslog facility.  But, it doesn't look like much useful stuff comes out
    > > > of it.  Is there something that makes the console log available via
    > > > syslog?  What about ACF2 logs?  Any hope here?  Once again, what are
    > > > others doing?
    > > > 
    > > > Certainly, we could buy some big expensive package from Pentasafe or IBM;
    > > > but, we'd like to avoid that if we could, and work things into a syslog
    > > > environment.
    > > > 
    > > > Thanks in advance,
    > > > 
    > > > Frank
    > > > 
    > > > *****************************************
    > > > Frank Solomon
    > > > University of Kentucky
    > > > http://www.franksolomon.net
    > > > 
    > > > A good mechanic only needs two tools:  Duct tape and WD40.
    > > > WD40 to make things go; and duct tape to make them stop.
    > > > --unknown
    > > > *****************************************
    > > > 
    > > > 
    > > > ---------------------------------------------------------------------
    > > > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > > > For additional commands, e-mail: loganalysis-helpat_private
    > > 
    > 
    > "I was being patient, but it took too long." - 
    >                                 Anya, "Buffy the Vampire Slayer"
    > 
    > Log Analysis: http://www.counterpane.com/log-analysis.html
    > VPN:  http://kubarb.phsx.ukans.edu/~tbird/vpn.html
    
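Added example, not part of the original thread and not code from any product named in it: one way an NT event forwarder can set the syslog Facility and Priority per message from the event's own log name and type, the behaviour Frank's original post says Backlog lacks. The mapping tables, the event field names and the sample event are assumptions constructed for illustration.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Assumed mapping (not from the thread): NT event log name -> syslog facility.
FACILITY = {"Security": 4, "System": 3, "Application": 16}  # auth, daemon, local0
# Assumed mapping: NT event type -> syslog severity.
SEVERITY = {"Error": 3, "Warning": 4, "Information": 6,
            "Audit Failure": 4, "Audit Success": 5}
MAX_LEN = 1024  # RFC 3164 limit on the whole packet, in bytes


def to_syslog(event):
    """Build one RFC 3164 record whose PRI is derived from the event itself."""
    facility = FACILITY.get(event["log"], 1)    # unknown log  -> user (1)
    severity = SEVERITY.get(event["type"], 5)   # unknown type -> notice (5)
    pri = facility * 8 + severity
    ts = event["time"]
    # Locale-independent month name; day of month is padded with a space.
    stamp = "%s %2d %s" % (MONTHS[ts.month - 1], ts.day, ts.strftime("%H:%M:%S"))
    tag = event["source"].replace(" ", "_")[:32]  # TAG: no spaces, max 32 chars
    # Event text is often multi-line; collapse it so one event is one record.
    text = " ".join(event["message"].split())
    line = "<%d>%s %s %s: EventID=%d %s" % (
        pri, stamp, event["host"], tag, event["id"], text)
    return line.encode("ascii", "replace")[:MAX_LEN]


def send(event, collector, port=514):
    """Ship the record to the central syslog host over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(to_syslog(event), (collector, port))


# Constructed sample event (host name and field layout are hypothetical).
SAMPLE = {"log": "Security", "type": "Audit Failure", "source": "Security",
          "id": 529, "host": "NTSRV01", "time": datetime(2001, 11, 9, 13, 39, 5),
          "message": "Logon Failure:\r\n\tReason: Unknown user name or bad password"}

if __name__ == "__main__":
    print(to_syslog(SAMPLE).decode("ascii"))
```

With the priority set per event, the central syslog daemon can route or discard by facility and severity instead of pattern-matching the message text.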
    



    This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 10:32:15 PST