RE: [logs] Monitoring Windows Security Events

From: John Campbell (jcampbell@private)
Date: Thu Oct 02 2003 - 09:11:29 PDT


    <snip>
    >-----Original Message-----
    >From: Brian Anon [mailto:brian_anon@private] 
    >Sent: Thursday, October 02, 2003 6:02 AM
    >To: loganalysis@private
    >Subject: [logs] Monitoring Windows Security Events
    
    >I would appreciate hearing how others monitor events in their Windows 
    >security event logs in a large distributed network.
    
    </snip>
    
    You might look at Microsoft Operations Manager.  Its specific mission is
    to monitor Event logs and other data sources in Windows environments,
    generate and consolidate alerts, load them into a SQL Server database,
    and present them on a console for action by administrators.  It works
    via machine agents (remotely manageable and deployable) and intermediate
    consolidator/agent managers, so it scales well.  Downside, it is quite
    pricey at list, but it would likely do what you are talking about.
    
    John Campbell, CISSP, GCWN
    Security Engineer
    Washington School Information Processing Cooperative (WSIPC)
    Everett, WA, USA
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    


