LogAnalysis
RE: [logs] Syslog and Windows Jun 22 2007 02:31PM
jcalhoun securityeventmonitoring com (3 replies)

Snare - Free and easy to set up

MonitorWare - small fee, but dependable and has ability to monitor flat
files

Lasso - Free and most scalable solution, doesn't require an agent on
every machine you wish to retrieve logs from. Requires Domain Admin or
Local Admin privs to pull logs.

I have used both Snare and MonitorWare extensively on thousands of
devices. Sometimes Snare will have to be restarted, or it loses its
place in the log and suddenly sends you the entire queue from the
beginning, but you get what you pay for :). We are beginning to look
into Lasso more and more due to its agent-less design and ease of
deployment and maintenance.

Thanks,
Johnny Calhoun
jcalhoun (at) securityeventmonitoring (dot) com

> -------- Original Message --------
> Subject: [logs] Syslog and Windows
> From: "Bill Scherr IV" <bschnzl (at) cotse (dot) net>
> Date: Fri, June 22, 2007 12:35 am
> To: loganalysis <loganalysis (at) loganalysis (dot) org>
>
> All...
>
> What do you suggest for sending Windows logs to syslog?
>
> B.
>
> On 18 Jun 2007, a message purporting to be from Chris Brenton appeared:
>
> Subject: Re: [logs] Facility 101 (was: Syslog and facilities)
> From: Chris Brenton <cbrenton (at) chrisbrenton (dot) org>
> To: loganalysis <loganalysis (at) loganalysis (dot) org>
> Date sent: Mon, 18 Jun 2007 09:04:41 -0400
>
> > The other problem is some of the facilities are a bit dated. For example
> > there is a facility for FTP (11) but not HTTP. UUCP even has its own
> > facility (8) but of course no one uses it anymore (I use it for my Windows
> > stuff. Keeps it from getting mixed in with other log entries ;-)
> >
>
> Bill Scherr IV, GSEC, GCIA
> Principal Security Engineer
> EWA Information and Infrastructure Technologies
> bscherr (at) iit-tek (dot) com
> bscherr (at) ewa (dot) com
> 703-478-7608
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org
> http://www.loganalysis.org/mailman/listinfo/loganalysis

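The facility trick quoted in the message above (sending Windows events under the UUCP facility, 8, so they stay separate from other entries) rests on the PRI value at the start of each syslog message, which encodes facility * 8 + severity. The following is an added example, not part of the original thread: it decodes the PRI and splits a stream into Windows and non-Windows records. The function names, the `WINDOWS_FACILITY` setting and the sample lines are constructed for illustration.

```python
import re

# Facility codes named in the thread; any other facility is shown as its number.
FACILITY_NAMES = {8: "uucp", 11: "ftp"}
SEVERITY_NAMES = ["emerg", "alert", "crit", "err",
                  "warning", "notice", "info", "debug"]
# Assumption: the Windows forwarders are configured to send as facility 8.
WINDOWS_FACILITY = 8

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(line):
    """Return (facility, severity, rest), or None if the PRI is missing or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    return pri // 8, pri % 8, m.group(2)


def split_windows(lines):
    """Separate messages on the Windows facility from all other messages."""
    windows, other, rejected = [], [], []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            rejected.append(line)  # keep malformed input for review, do not drop it
            continue
        facility, severity, rest = decoded
        record = (FACILITY_NAMES.get(facility, str(facility)),
                  SEVERITY_NAMES[severity], rest)
        (windows if facility == WINDOWS_FACILITY else other).append(record)
    return windows, other, rejected


# Constructed sample input (not real log data).
SAMPLE = [
    "<69>Jun 22 14:31:02 ws01 winevt: Security logon event",   # 8 * 8 + 5
    "<94>Jun 22 14:31:05 ftp01 ftpd[211]: connection opened",  # 11 * 8 + 6
    "<38>Jun 22 14:31:09 gw01 sshd[400]: session opened",      # 4 * 8 + 6
    "<999>Jun 22 14:31:10 bad01 out-of-range PRI",
    "no PRI header at all",
]

if __name__ == "__main__":
    win, other, bad = split_windows(SAMPLE)
    print("windows:", win)
    print("other:", other)
    print("rejected:", bad)
```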

Copyright 2010, SecurityFocus