LogAnalysis
[logs] why not syslog on microsoft platforms Feb 29 2008 11:13PM
Rodney Thayer (rodney canola-jones com)
(apologies to the list for hijacking the thread. changed
subject lines to get out of the way of the original query.)

When I look at telemetry gathering on a tcp/ip network I want
to start with standard protocols. If there's a business
case for deviating then that's fine. #include <real_world.h>

I don't see an actual justification for not asking Microsoft
the same thing we ask Cisco or Checkpoint or Arcsight
or anyone else anywhere near the log technology space -

do you support syslog, that being the tcp/ip-based
logging standard?

One would like to think one can rationally infer from
the positive responses you get from many vendors that
this is a reasonable question...

I find it fascinating that Microsoft doesn't have an
eventlog-to-syslog converter themselves. And they don't
have a stock answer. Note the deafening lack of microsoft.com
knowledge base article URLs being posted here explaining
why they don't do syslog.

So, in my opinion, all vendors get the same query - why
do I want this instead of syslog?

And, no, it doesn't have to be OSS but I want to see it
interoperate on a test network, so I expect to see you
and some sourceforge team proving interoperability on the
wire. Or a reason why that's not a fair question.

David Corlette wrote:
> I guess the question is though whether the syslog part of the equation is a requirement. We have what we think is a pretty slick Windows remote monitoring tool, which uses WMI, but it doesn't convert to syslog (we also support Snare data from Windows, however).
>
> The question was stated as a very limited technical query, but you might find it more useful to state it as a business problem, like "how are people out there monitoring their Windows systems and the applications that run on them?"
>
> Also - does it have to be OSS? ;-)
>
>>>> On Fri, Feb 29, 2008 at 2:27 PM, in message
> <20080229132723.xzeyezigqowgc488 (at) www.precision-guesswork (dot) com>,
> <tbird (at) precision-guesswork (dot) com> wrote:
>> Quoting Marcelo de Souza <marcelo (at) marcelosouza (dot) com>:
>>
>>> Which tool do you really recommend for windows eventlog to unix
>>> syslog translation?
>>>
>>> I've been thinking about Snare, but I'd like to hear your opinion.
>>>
>>> Thanks in advance.
>> okay vendors and developers, here's your chance ;-) please be sure to
>> include technical details about your offerings. i may relax my
>> vendor-moderation-bar a bit, but the most helpful posts will be the
>> ones that give useful technical info about your architecture, the
>> kinds of rules processing you allow (if you have that functionality),
>> and any other bells and whistles that make your gizmo the best way to
>> simplify monitoring windows systems.
>>
>> pure marketing hype will be rejected, as per normal.
>>
>> marcelo, giving us more information about the types of windows systems
>> you want to monitor would be helpful for us to figure out which kinds
>> of tools are best. servers? desktops? the applications you depend on?
>> many windows applications -- even those included in the operating
>> system itself -- log to text files, not to the event log, so you may
>> have more to work with than you expect. more detail is always a good
>> thing.
>>
>> cheers -- tbird
>>
>> _______________________________________________
>> LogAnalysis mailing list
>> LogAnalysis (at) loganalysis (dot) org
>> http://www.loganalysis.org/mailman/listinfo/loganalysis

Copyright 2010, SecurityFocus