LogAnalysis
Re: [logs] Summary: Exchange Logging May 16 2008 05:03PM
Daniel Cid (dcid ossec net)
Hi Phil,

I am a bit late too, but don't forget OSSEC, which can analyze MS
Exchange logs, IIS, Windows Event log, etc. (actually, most logs from
Windows). It is open source too...

For a list of all the logs we currently support, take a look at:
http://www.ossec.net/wiki/index.php/Supported-Logs

*btw, I am the developer of ossec.

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On Tue, May 13, 2008 at 5:21 AM, Rainer Gerhards
<rgerhards (at) hq.adiscon (dot) com [email concealed]> wrote:
> [I am with the vendor/OS project]
>
> Hi Phil,
>
> due to a holiday I'm a bit late. I'd still like to add Adiscon's
> MonitorWare Agent, which can convert any text files (and lots of other
> sources) to syslog.
>
> There now is a guide available for Exchange:
>
> http://www.monitorware.com/Common/en/Articles/monitoring_exchange_message_tracking_logfiles.php
>
> On the receiver side, you can run GPLed rsyslog, which in turn can send
> the logs to a file or database. Then, you may even review it online via
> phpLogCon[1]. Obviously, good analysis on them is a different topic, but
> we are looking into options inside phpLogCon. PhpLogCon and rsyslog are
> GPL, the MonitorWare Agent sensor on Windows is commercial software.
>
> I hope this still is useful.
>
> Rainer
>
> [1] http://www.phplogcon.org
>
>
>> -----Original Message-----
>> From: loganalysis-bounces (at) loganalysis (dot) org [email concealed] [mailto:loganalysis-
>> bounces (at) loganalysis (dot) org [email concealed]] On Behalf Of Philip Webster
>> Sent: Monday, May 12, 2008 3:49 AM
>> To: loganalysis (at) loganalysis (dot) org [email concealed]
>> Subject: [logs] Summary: Exchange Logging
>>
>> Most of the replies went to the list, but a brief summary:
>>
>> Philip Webster wrote on 09/05/2008 09:14 :
>> > Just wondering how people handle Exchange logs ...
>>
>> [ snip ]
>>
>> > So do you centralise your logs? Use message tracking? Or ...? Is
>> > there third-party (free/open?) software which you use for analysing
>> the
>> > logs?
>>
>> Snare Epilog for Windows
>>
>> http://www.intersectalliance.com/projects/EpilogWindows/index.html
>> Free, open source, can send to a syslog or Snare server.
>>
>> Splunk
>>
>> http://www.splunk.com/
>> Commercial, appears to be licensed per volume, provides more
>> than just log collection.
>>
>> EventTracker
>>
>> http://www.prismmicrosys.com/eventTracker.php
>> Commercial, licensed per logging device, provides more than just
>> log collection.
>>
>> Splunk and EventTracker look like they're firmly in the SIEM space.
>>
>> Snare Epilog is more analogous to a syslog daemon for Windows, with
>> built-in Exchange support. (And it is developed in Australia!)
>>
>>
>> Thanks to all who replied. I'll try to provide an update when we're up
>> and running - particularly once we've begun to analyse the logs.
>>
>> Cheers
>> Phil
>>
>> --
>>
>> Philip Webster, IT Security Engineer
>> Queensland University of Technology
>> _______________________________________________
>> LogAnalysis mailing list
>> LogAnalysis (at) loganalysis (dot) org [email concealed]
>> http://www.loganalysis.org/mailman/listinfo/loganalysis

Copyright 2010, SecurityFocus