I just wanted to add that MonitorWare has been able to work agentless for
a while now. I have to admit I do not like that mode because of network load,
stability issues and probably personal ignorance ;) That's nothing
MonitorWare-specific; these problems are relevant to all agentless
solutions. So you can't bash anyone.
I was finally overruled at Adiscon and so now we support it. Needless
to say, even though we do not run on the same machine, we can pull
remote event descriptions ;)
Rainer
> -----Original Message-----
> From: loganalysis-bounces (at) loganalysis (dot) org [email concealed] [mailto:loganalysis-bounces (at) loganalysis (dot) org [email concealed]]
> On Behalf Of jcalhoun (at) securityeventmonitoring (dot) com [email concealed]
> Sent: Friday, June 22, 2007 4:32 PM
> To: bschnzl (at) cotse (dot) net [email concealed]
> Cc: Jason Pinkey; loganalysis
> Subject: RE: [logs] Syslog and Windows
>
>
> Snare - Free and easy to set up
>
> MonitorWare - small fee, but dependable and has ability to monitor
> flat files
>
> Lasso - Free and most scalable solution, doesn't require an agent on
> every machine you wish to retrieve logs from. Requires Domain Admin
> or Local Admin privs to pull logs.
>
> I have used both Snare and MonitorWare extensively on thousands of
> devices. Sometimes Snare will have to be restarted, or it loses its
> place in the log and suddenly sends you the entire queue from the
> beginning, but you get what you pay for :). We are beginning to look
> into Lasso more and more due to its agent-less design and ease of
> deployment and maintenance.
>
> Thanks,
> Johnny Calhoun
> jcalhoun (at) securityeventmonitoring (dot) com [email concealed]
>
>
> > -------- Original Message --------
> > Subject: [logs] Syslog and Windows
> > From: "Bill Scherr IV" <bschnzl (at) cotse (dot) net [email concealed]>
> > Date: Fri, June 22, 2007 12:35 am
> > To: loganalysis <loganalysis (at) loganalysis (dot) org [email concealed]>
> >
> > All...
> >
> > What do you suggest for sending Windows logs to syslog?
> >
> > B.
> >
> > On 18 Jun 2007, a message purporting to be from Chris Brenton appeared:
> >
> > Subject: Re: [logs] Facility 101 (was: Syslog and facilities)
> > From: Chris Brenton <cbrenton (at) chrisbrenton (dot) org [email concealed]>
> > To: loganalysis <loganalysis (at) loganalysis (dot) org [email concealed]>
> > Date sent: Mon, 18 Jun 2007 09:04:41 -0400
> >
> > > The other problem is some of the facilities are a bit dated. For example
> > > there is a facility for FTP (11) but not HTTP. UUCP even has its own
> > > facility (8) but of course no one uses it anymore (I use it for my Windows
> > > stuff. Keeps it from getting mixed in with other log entries ;-)
> > >
> >
> > Bill Scherr IV, GSEC, GCIA
> > Principal Security Engineer
> > EWA Information and Infrastructure Technologies
> > bscherr (at) iit-tek (dot) com [email concealed]
> > bscherr (at) ewa (dot) com [email concealed]
> > 703-478-7608
> >
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysis (at) loganalysis (dot) org [email concealed]
> > http://www.loganalysis.org/mailman/listinfo/loganalysis
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis