LogAnalysis
[logs] Exchange Logging May 08 2008 11:14PM
Philip Webster (p webster qut edu au) (1 replies)
[logs] Summary: Exchange Logging May 12 2008 01:49AM
Philip Webster (p webster qut edu au) (1 replies)
Most of the replies went to the list, but a brief summary:

Philip Webster wrote on 09/05/2008 09:14 :
> Just wondering how people handle Exchange logs ...

[ snip ]

> So do you centralise your logs? Use message tracking? Or ...? Is
> there third-party (free/open?) software which you use for analysing the
> logs?

Snare Epilog for Windows

http://www.intersectalliance.com/projects/EpilogWindows/index.html
Free, open source, can send to a syslog or Snare server.

Splunk

http://www.splunk.com/
Commercial, appears to be licensed per volume, provides more
than just log collection.

EventTracker

http://www.prismmicrosys.com/eventTracker.php
Commercial, licensed per logging device, provides more than just
log collection.

Splunk and EventTracker look like they're firmly in the SIEM space.

Snare Epilog is more analogous to a syslog daemon for Windows, with
built-in Exchange support. (And it is developed in Australia!)

Thanks to all who replied. I'll try to provide an update when we're up
and running - particularly once we've begun to analyse the logs.

Cheers
Phil

--

Philip Webster, IT Security Engineer
Queensland University of Technology
_______________________________________________
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org
http://www.loganalysis.org/mailman/listinfo/loganalysis

RE: [logs] Summary: Exchange Logging May 13 2008 08:21AM
Rainer Gerhards (rgerhards hq adiscon com) (1 replies)
Re: [logs] Summary: Exchange Logging May 16 2008 05:03PM
Daniel Cid (dcid ossec net)


 

Copyright 2010, SecurityFocus