RE: [logs] Retrieving logs from Windows server

• Previous message: Harlan Carvey: "Re: [logs] Retrieving logs from Windows server"
• In reply to: Walter: "[logs] Retrieving logs from Windows server"
• Next in thread: Jian Zhen: "Re: [logs] Retrieving logs from Windows server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

****** VENDOR RESPONSE ******

There are commercial products that can do this.  When looking at a product,
the key considerations (at least mine) are:

- is an agent required or can monitoring be done remotely? (or both)
- is collection real-time or batch (e.g., forwarding logs over slow links)
or both? 
- how is the state of event log maintained so only new logs are collected
- how reliable is the collection, transmission, and storage facility? (e.g.,
forwarding via UDP or TCP) and can communication be encrypted?
- how are specific event log entries identified?  Can they be treated as
events, can I be notified?
- what type of tools are available for searching through and reporting on
event log entries?
- how are old event log entries treated?  Are they manually/automatically
deleted, can they be archived? Can they be restored?
- how many logs can realistically be collected and stored on-line?

Some products I'm familiar with that support Event Log collection:
- LogRhythm (our product)
- ArcSight
- eSecurity
- NetIQ
- Tivoli
- LT Auditor
- Addamark
- others listed at www.LogAnalysis.org

I don't know if this helps you or not, hopefully so without being a product
plug.

Cheers,

Chris Petersen
CTO, LogRhythm
www.logrhythm.com


-----Original Message-----
From: loganalysis-bounces+chris=security-conscious.com@private
[mailto:loganalysis-bounces+chris=security-conscious.com@private] On
Behalf Of Walter
Sent: Friday, January 21, 2005 3:17 PM
To: loganalysis@private
Subject: [logs] Retrieving logs from Windows server

Hello,
   I am trying to retrieve logs from a Windows server
but could not find any info on the same.
Any pointers?
Thanks!



	
		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Previous message: Harlan Carvey: "Re: [logs] Retrieving logs from Windows server"
• In reply to: Walter: "[logs] Retrieving logs from Windows server"
• Next in thread: Jian Zhen: "Re: [logs] Retrieving logs from Windows server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jan 24 2005 - 10:05:45 PST