LogAnalysis
[logs] Exchange Logging May 08 2008 11:14PM
Philip Webster (p webster qut edu au) (1 replies)
[logs] Summary: Exchange Logging May 12 2008 01:49AM
Philip Webster (p webster qut edu au) (1 replies)
RE: [logs] Summary: Exchange Logging May 13 2008 08:21AM
Rainer Gerhards (rgerhards hq adiscon com) (1 replies)
[I am with the vendor/OS project]

Hi Phil,

Due to a holiday I'm a bit late. I'd still like to add Adiscon's
MonitorWare Agent, which can convert any text files (and lots of other
sources) to syslog.

There now is a guide available for Exchange:

http://www.monitorware.com/Common/en/Articles/monitoring_exchange_message_tracking_logfiles.php

On the receiver side, you can run GPLed rsyslog, which in turn can send
the logs to a file or database. Then, you may even review it online via
phpLogCon[1]. Obviously, good analysis on them is a different topic, but
we are looking into options inside phpLogCon. PhpLogCon and rsyslog are
GPL, the MonitorWare Agent sensor on Windows is commercial software.

I hope this still is useful.

Rainer

[1] http://www.phplogcon.org

> -----Original Message-----
> From: loganalysis-bounces (at) loganalysis (dot) org [mailto:loganalysis-
> bounces (at) loganalysis (dot) org] On Behalf Of Philip Webster
> Sent: Monday, May 12, 2008 3:49 AM
> To: loganalysis (at) loganalysis (dot) org
> Subject: [logs] Summary: Exchange Logging
>
> Most of the replies went to the list, but a brief summary:
>
> Philip Webster wrote on 09/05/2008 09:14 :
> > Just wondering how people handle Exchange logs ...
>
> [ snip ]
>
> > So do you centralise your logs? Use message tracking? Or ...? Is
> > there third-party (free/open?) software which you use for analysing the
> > logs?
>
> Snare Epilog for Windows
>
> http://www.intersectalliance.com/projects/EpilogWindows/index.html
> Free, open source, can send to a syslog or Snare server.
>
> Splunk
>
> http://www.splunk.com/
> Commercial, appears to be licensed per volume, provides more
> than just log collection.
>
> EventTracker
>
> http://www.prismmicrosys.com/eventTracker.php
> Commercial, licensed per logging device, provides more than just
> log collection.
>
> Splunk and EventTracker look like they're firmly in the SIEM space.
>
> Snare Epilog is more analogous to a syslog daemon for Windows, with
> built-in Exchange support. (And it is developed in Australia!)
>
>
> Thanks to all who replied. I'll try to provide an update when we're up
> and running - particularly once we've begun to analyse the logs.
>
> Cheers
> Phil
>
> --
>
> Philip Webster, IT Security Engineer
> Queensland University of Technology
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org
> http://www.loganalysis.org/mailman/listinfo/loganalysis

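The text-file-to-syslog step both messages describe (MonitorWare Agent or Snare Epilog reading Exchange message tracking logs and feeding a syslog receiver such as rsyslog), as an added Python example that is not from this thread or from any of the tools named. The CSV layout with a `#Fields:` header and the sample records are constructed assumptions; the parser is driven by that header rather than a fixed column set.

```python
import csv
import socket
from datetime import datetime

# Constructed sample input (not a real capture). The '#Fields:' header names
# the columns, so the parser adapts to whatever column set the server writes.
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Fields: date-time,client-ip,server-hostname,event-id,message-id,recipient-address,sender-address,message-subject
2008-05-12T03:49:10.000Z,10.0.0.5,MAIL01,RECEIVE,<1@example.net>,bob@example.org,alice@example.net,Summary
2008-05-12T03:49:11.000Z,10.0.0.5,MAIL01,SEND,<1@example.net>,bob@example.org,alice@example.net,"Hello, world"
"""

def parse_tracking_log(text):
    """Yield one dict per record, keyed by the column names from '#Fields:'."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
        elif line.startswith("#") or not line.strip():
            continue  # other header/comment lines and blank lines
        elif fields is not None:
            values = next(csv.reader([line]))  # csv handles quoted commas in subjects
            yield dict(zip(fields, values))

def to_syslog(record, host_field="server-hostname", tag="exchange-tracking",
              facility=16, severity=6):
    """Render a record as an RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG.
    Defaults give local0.info, so PRI = 16*8 + 6 = 134."""
    ts = datetime.strptime(record["date-time"][:19], "%Y-%m-%dT%H:%M:%S")
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"  # RFC 3164 day is space-padded
    host = record.get(host_field) or "unknown"
    parts = []
    for k, v in record.items():
        if k in (host_field, "date-time"):
            continue  # already carried in the syslog header
        v = v.replace('"', '\\"')
        parts.append(f'{k}="{v}"' if " " in v else f"{k}={v}")
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: " + " ".join(parts)

def forward(text, receiver=("127.0.0.1", 514)):
    """Send every record to a UDP syslog receiver (e.g. rsyslog); returns the count sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = 0
    for rec in parse_tracking_log(text):
        sock.sendto(to_syslog(rec).encode("utf-8"), receiver)
        sent += 1
    sock.close()
    return sent

if __name__ == "__main__":
    for rec in parse_tracking_log(SAMPLE_LOG):
        print(to_syslog(rec))
```

On the receiver, rsyslog can then route the `local0` facility to a file or database table as the message above describes.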

Re: [logs] Summary: Exchange Logging May 16 2008 05:03PM
Daniel Cid (dcid ossec net)
Copyright 2010, SecurityFocus