Hello, Windows 2000 has a built-in time service that support synchronization with NTP servers (see NET TIME /? from a command line). By default, Windows 2000/XP machines part of a domain/AD synchronize their time with the domain controller. You may sync the time on the syslog server and use the time stamp from the syslog server itself as a reference for the events logged. I guess the only drawback is that there may be a difference between the time the event is generated and the time when it is actually recorded by the syslog server. I am using WinSyslog running on Windows 2000 and it offers many options in regard to time stamps. I analyze the syslog logs with Adiscon Monilog (www.monilog.com) and it supports Linux-based syslog logs as well. Regards, Adrian Grigorof www.eventid.net ----- Original Message ----- From: "Ryan" <ryanat_private> To: <loganalysisat_private> Sent: Tuesday, February 11, 2003 1:05 PM Subject: [logs] NTP Client? > Hi, > > I'm working on creating a syslog infrastucture on a network, and was > wondering about synching the times on all the machines. I will be using > NTP, but on the Windows 2000 Server I'm not sure what to use for a NTP > client. > > Also, I've found that my Cisco 1924 switch doesn't support NTP. Should > I even worry about having correct time in relation to the rest of the > network? This would mean that the switch's time wouldn't be exactly the > same as the rest of the network when logging. How should I solve these > problems? Let me know. Thanks. > > Ryan > www.packetwatch.net > > _______________________________________________ > LogAnalysis mailing list > LogAnalysisat_private > http://lists.shmoo.com/mailman/listinfo/loganalysis > _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 11:11:01 PST