Ian,

You are somewhat ahead of me... I have been looking at syslog-ng with a mysql backend to do enterprise logging. My specifics are:

IDS - Snort running ACID & Cisco 4235 appliance
FW - Symantec Enterprise Firewall (formerly Raptor)
Various unix and M$ devices as well...

I can copy the FW logs with supplied client(s) which is fairly close to syslog format. The Cisco IDS is the only one I have not conceptually figured out yet.

Like you I am also looking for an IIS and Event Log parser or syslog hook...

Kevin Maute (RCF System/Security Admin)
mailto:kevin.maute@private
(937) 255-6565 x4250

-----Original Message-----
From: loganalysis-bounces+kevin.maute=afit.edu@private [mailto:loganalysis-bounces+kevin.maute=afit.edu@private] On Behalf Of Rudy, Ian # PHX
Sent: Thursday, February 26, 2004 6:01 PM
To: 'loganalysis@private'
Subject: [logs] IIS and Windows Event log parser to generate reports

All,

I currently have a central syslog server (running Linux) that records events from IDS, firewalls, routers, etc., and now Windows IIS logs and Windows Event log messages. I've been able to handle the current logs pretty well but need some suggestions for dealing with the additional Windows event information. Does anybody know of any good scripts or parsing tools to analyze the Windows IIS and Event Log information and generate reports (preferably html)?

Thanks in advance,
Ian

This E-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply E-mail, and destroy all copies of the original message.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
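Ian's question in the thread above asks for a script that turns forwarded IIS logs into an HTML report. What follows is an added example, not code from the thread or from any tool mentioned in it. It assumes the IIS logs reach the syslog host unchanged, in the W3C Extended format IIS writes (a `#Fields:` directive naming the columns, then one space-separated record per request, with `-` for an empty value); the log lines embedded in it are constructed for illustration. It covers the IIS side only, not the Windows Event Log. Two points a practitioner wants from such a script are shown: a record whose field count does not match the `#Fields:` directive (a line cut short in transit, for instance) is dropped rather than having its values assigned to the wrong columns, and every log-derived string is HTML-escaped before it lands in the report, because the request URI and User-Agent are chosen by the remote client and would otherwise let an attacker script the analyst's browser.

```python
"""Summarise IIS W3C Extended log lines into an HTML report.

Added example, not from the mailing-list thread. Assumes the IIS log lines
were forwarded to the syslog host unchanged, so each line is still what IIS
wrote: '#' directive lines, a '#Fields:' directive naming the columns, then
one space-separated record per request with '-' for an empty value.
"""
import html
from collections import Counter

# Constructed sample (addresses, paths and agents are made up for illustration).
# The last line is deliberately cut short, as a relay with a message-size limit
# would do to a long record; the agent on the 403 line shows why log-derived
# text must be escaped before it goes into an HTML page.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-02-26 18:01:00
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2004-02-26 18:01:02 192.0.2.10 - 10.0.0.5 80 GET /index.htm - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2004-02-26 18:01:03 192.0.2.10 - 10.0.0.5 80 GET /images/logo.gif - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2004-02-26 18:01:09 192.0.2.77 - 10.0.0.5 80 GET /scripts/cmd.exe - 404 -
2004-02-26 18:01:10 192.0.2.77 - 10.0.0.5 80 GET /_vti_bin/shtml.exe - 404 -
2004-02-26 18:01:11 192.0.2.77 - 10.0.0.5 80 GET /admin/ - 403 <script>alert(1)</script>
2004-02-26 18:01:15 192.0.2.23 admin 10.0.0.5 80 POST /login.asp - 500 Mozilla/4.0+(compatible;+MSIE+6.0)
2004-02-26 18:01:16 192.0.2.23 admin 10.0.0.5 80 GET
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the column names from the most
    recent '#Fields:' directive. Records whose field count does not match
    the directive (truncated or mangled lines) are skipped rather than
    having their values attributed to the wrong columns."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            continue  # record before any #Fields directive: columns unknown
        parts = line.split()
        if len(parts) != len(fields):
            continue
        yield {name: (None if value == "-" else value)
               for name, value in zip(fields, parts)}


def summarise(records):
    """Count requests per client, per status code and per user agent, plus
    error responses (status >= 400) per client."""
    per_client, per_status, per_agent, errors = Counter(), Counter(), Counter(), Counter()
    for rec in records:
        ip = rec.get("c-ip") or "unknown"
        status = rec.get("sc-status") or "unknown"
        per_client[ip] += 1
        per_status[status] += 1
        per_agent[rec.get("cs(User-Agent)") or "(none)"] += 1
        if status.isdigit() and int(status) >= 400:
            errors[ip] += 1
    return per_client, per_status, per_agent, errors


def render_html(tables, flagged):
    """Render the counters as an HTML page. Every log-derived string passes
    through html.escape: URIs and User-Agent values are chosen by the remote
    client, so an unescaped report would let an attacker run script in the
    browser the analyst opens it in."""
    def table(title, counter):
        rows = "".join(
            "<tr><td>%s</td><td>%d</td></tr>" % (html.escape(str(key)), n)
            for key, n in counter.most_common())
        return "<h2>%s</h2><table>%s</table>" % (html.escape(title), rows)
    body = "".join(table(title, counter) for title, counter in tables)
    flagged_html = "".join("<li>%s</li>" % html.escape(ip) for ip in flagged)
    return ("<html><head><title>IIS log report</title></head><body>"
            "<h1>IIS log report</h1>%s<h2>Clients over error threshold</h2>"
            "<ul>%s</ul></body></html>" % (body, flagged_html))


def build_report(text, error_threshold=2):
    """Parse, summarise and render. Returns the counters alongside the HTML so
    a caller can check the numbers without scraping the page."""
    records = list(parse_w3c(text))
    per_client, per_status, per_agent, errors = summarise(records)
    flagged = sorted(ip for ip, n in errors.items() if n >= error_threshold)
    page = render_html([("Requests per client", per_client),
                        ("Responses per status code", per_status),
                        ("Requests per user agent", per_agent)], flagged)
    return {"records": len(records), "per_client": per_client,
            "per_status": per_status, "per_agent": per_agent,
            "errors_per_client": errors, "flagged": flagged, "html": page}


if __name__ == "__main__":
    print(build_report(SAMPLE_LOG)["html"])
```

On the sample, the truncated seventh line is dropped, six records are counted, and 192.0.2.77 is the only client at or over the default threshold of two error responses. The `error_threshold` parameter and the choice of tables are hypothetical knobs for this example; in practice the report would be run over the day's file the syslog server wrote, and the same `html.escape` discipline applies to anything else lifted from the logs into a page.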
This archive was generated by hypermail 2b30 : Fri Feb 27 2004 - 09:17:08 PST