You mean like WS-Eventing, which is built into Windows Vista and Windows
Server 2008?

WS-Management, also built-in (and technically the delivery mechanism for
our events, since oddly enough WS-Eventing is a subscription management
protocol and does not concern itself with event delivery) includes a
heartbeat mechanism.

:-)

Best regards,
Eric

-----Original Message-----
From: loganalysis-bounces (at) loganalysis (dot) org
[mailto:loganalysis-bounces (at) loganalysis (dot) org] On Behalf Of
jcalhoun (at) securityeventmonitoring (dot) com
Sent: Thursday, June 28, 2007 8:16 AM
To: saudi sans
Cc: loganalysis (at) loganalysis (dot) org
Subject: RE: [logs] Remote log access

How cool would it be if M$ would incorporate remote logging natively?
Possibly even set it up as a service that could be controlled remotely.
That would make it easily deployable and easy to maintain for admins. I
am sure this has been said before, sorry if I'm echoing.

I like the agentless design too though, but I agree, I don't like having
to use admin rights to pull the logs. Seems like a "log" user could be
set up with special rights to view and forward the logs.

I would also like to see more logging software build in heartbeats. I
believe Monitorware already does this. Without heartbeats, it's
difficult to determine when a box has stopped reporting.

--
Johnny Calhoun
jcalhoun (at) securityeventmonitoring (dot) com
www.securityeventmonitoring.com
> -------- Original Message --------
> Subject: [logs] Remote log access
> From: "saudi sans" <saudisans (at) gmail (dot) com>
> Date: Thu, June 28, 2007 1:30 am
> To: loganalysis (at) loganalysis (dot) org
>
> We are using a SIM solution which has an agent which picks up Windows
> logs remotely.
>
> On this agent we have to give a user-id/password of the target server
> from where Windows event logs have to be picked up. This
> user-id/password needs admin rights on target server. The agent also
> needs remote registry access on target server. It works well.
>
> But I am not comfortable giving admin rights and remote registry
> access just for pulling event logs.
>
> From Microsoft experts on this list - what minimum permissions are to
> be provided on a target Windows machine for a remote software to
> access its event logs?
>
> I am aware of solutions which push out the logs from the Windows to
> the agent, but I am specifically interested in the pull model with
> just-the-minimum privileges.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
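
The heartbeat point raised in this thread, as an added example that is not part of the original messages: a collector-side check that uses heartbeats to tell a quiet host from one that has stopped reporting. The feed format, host names, inventory and the 15-minute silence limit are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample feed, one record per line: "<ISO time> <host> <kind>".
SAMPLE = """\
2007-06-28T08:10:00 dc01 event
2007-06-28T08:55:00 dc01 heartbeat
2007-06-28T08:50:00 web01 event
2007-06-28T08:55:00 web01 heartbeat
2007-06-28T08:15:00 file01 event
2007-06-28T08:20:00 file01 heartbeat
2007-06-28T08:12:00 legacy01 event
"""
EXPECTED = ["dc01", "web01", "file01", "legacy01", "db01"]  # assumed inventory
NOW = datetime(2007, 6, 28, 9, 0, 0)
SILENCE_LIMIT = 3 * timedelta(minutes=5)  # three missed 5-minute beats (assumed)

def last_seen(text):
    """Return {host: {kind: newest timestamp}}, skipping malformed lines."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("event", "heartbeat"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        kinds = seen.setdefault(parts[1], {})
        kinds[parts[2]] = max(ts, kinds.get(parts[2], ts))
    return seen

def classify(seen, now, expected):
    """Label every expected host by what its silence can actually tell us."""
    deadline = now - SILENCE_LIMIT
    status = {}
    for host in expected:
        ev, hb = (seen.get(host, {}).get(k) for k in ("event", "heartbeat"))
        if ev is None and hb is None:
            status[host] = "never-reported"
        elif ev is not None and ev >= deadline:
            status[host] = "ok"
        elif hb is None:
            status[host] = "unknown-no-heartbeat"  # quiet or dead: cannot tell
        elif hb >= deadline:
            status[host] = "alive-quiet"
        else:
            status[host] = "stopped-reporting"
    return status

REPORT = classify(last_seen(SAMPLE), NOW, EXPECTED)
```

Only hosts that send heartbeats can be placed in `alive-quiet` or `stopped-reporting`; a source without them lands in `unknown-no-heartbeat`, which is the ambiguity described above.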