RE: [logs] Retrieving logs from Windows server

From: Chris Petersen (
Date: Mon Jan 24 2005 - 09:52:42 PST

****** VENDOR RESPONSE ******

There are commercial products that can do this.  When looking at a product,
the key considerations (at least mine) are:

- is an agent required or can monitoring be done remotely? (or both)
- is collection real-time or batch (e.g., forwarding logs over slow links) or both?
- how is the state of event log maintained so only new logs are collected
- how reliable is the collection, transmission, and storage facility? (e.g., forwarding via UDP or TCP) and can communication be encrypted?
- how are specific event log entries identified?  Can they be treated as events, can I be notified?
- what type of tools are available for searching through and reporting on event log entries?
- how are old event log entries treated?  Are they manually/automatically deleted, can they be archived? Can they be restored?
- how many logs can realistically be collected and stored on-line?

Some products I'm familiar with that support Event Log collection:
- LogRhythm (our product)
- ArcSight
- eSecurity
- NetIQ
- Tivoli
- LT Auditor
- Addamark
- others listed at

I don't know if this helps you or not, hopefully so without being a product


Chris Petersen
CTO, LogRhythm
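As an added example, not code from the thread or from any of the products named above: an agentless PowerShell collector that illustrates three of the considerations in the list (remote collection without an agent, keeping state so only new entries are fetched, and identifying specific event IDs). The server name, event IDs and paths are assumptions.

```powershell
# Added example, not code from the thread or any vendor: agentless, incremental
# pull of selected Security events from a remote Windows host, keeping a
# checkpoint (last EventRecordID) so each run collects only new entries.
# Assumes PowerShell 3+, remote event-log (RPC) read access, and the
# hypothetical server name, event IDs and paths below.
param(
    [string]$ComputerName = 'WINSRV01',            # hypothetical target host
    [string]$LogName      = 'Security',
    [int[]] $EventIds     = @(4624, 4625, 4672),   # logon, failed logon, special privileges
    [string]$StateDir     = "$env:ProgramData\logcollect"
)
$stateFile = Join-Path $StateDir "$ComputerName.$LogName.checkpoint"
$outFile   = Join-Path $StateDir "$ComputerName.$LogName.jsonl"
New-Item -ItemType Directory -Force -Path $StateDir | Out-Null

# 1. Load the checkpoint (0 = never collected from this log before)
[int64]$lastId = 0
if (Test-Path $stateFile) { $lastId = [int64](Get-Content $stateFile -Raw).Trim() }

# 2. Detect a gap: if the oldest surviving record is beyond our checkpoint,
#    the log wrapped (or was cleared) and events were lost since the last run.
$oldest = Get-WinEvent -ComputerName $ComputerName -LogName $LogName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
if ($lastId -gt 0 -and $oldest -and $oldest.RecordId -gt ($lastId + 1)) {
    Write-Warning "Gap: records $($lastId + 1)..$($oldest.RecordId - 1) no longer in $LogName on $ComputerName"
}

# 3. Fetch only the wanted IDs with EventRecordID > checkpoint, filtered on the server via XPath
$idClause = ($EventIds | ForEach-Object { "EventID=$_" }) -join ' or '
$xpath = "*[System[($idClause) and EventRecordID > $lastId]]"
$events = Get-WinEvent -ComputerName $ComputerName -LogName $LogName -FilterXPath $xpath -ErrorAction SilentlyContinue |
          Sort-Object RecordId
if (-not $events) { Write-Verbose "No new events"; return }

# 4. Write one JSON line per event, then advance the checkpoint only after the
#    output is on disk, so a crash between the two steps re-sends rather than drops.
foreach ($e in $events) {
    [pscustomobject]@{
        host = $ComputerName; log = $LogName; record_id = $e.RecordId
        time_utc = $e.TimeCreated.ToUniversalTime().ToString('o')
        event_id = $e.Id; provider = $e.ProviderName; message = $e.Message
    } | ConvertTo-Json -Compress | Add-Content -Path $outFile -Encoding UTF8
}
($events | Select-Object -Last 1).RecordId | Set-Content -Path $stateFile
```

The JSONL file is only the collection step; reliable, encrypted transmission to a central store (the TCP-vs-UDP and encryption points in the list) is left to whatever forwarder ships it on.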

-----Original Message-----
[] On Behalf Of Walter
Sent: Friday, January 21, 2005 3:17 PM
To: loganalysis@private
Subject: [logs] Retrieving logs from Windows server

I am trying to retrieve logs from a Windows server but could not find any info on the same. Any pointers?

LogAnalysis mailing list

This archive was generated by hypermail 2.1.3 : Mon Jan 24 2005 - 10:05:45 PST