2008/1/31, William M. Ryan <wmr02 (at) health.state.ny (dot) us [email concealed]>:
>
>
> Earlier in my search for an event management solution I found one that
> seemed to meet my requirements so I downloaded a 30 day eval. It worked
> great on my local servers so after a while I tried it on a server at my
> remote site. It promptly saturated the line (256k) with traffic and kept
> it saturated (over a weekend) when nobody was working. The moral of the
> story is don't buy without doing a thorough test of product configured as
> you plan to use it (Many companies have optional modules and features to
> enhance their offerings (and their bottom line)) and you test it on a
> representative sample of the equipment you're going to use.
>
> Also consider ease of deployment. Is there an agent, how configurable is
> it, How tricky to install, will I kill my lines when copying the agent to
> remote servers.
>
> William M. Ryan
> Information Technology Specialist 4
> Bureau of Information Technology Services
> NYS DOH Division of Nutrition
>
>
>
>
> "Starks, Brad"
> <BStarks (at) co (dot) mari [email concealed]n
> .ca.us> To
> Sent by: "Ron Johnson - Adhost"
> listbounce@securi <ron (at) adhost (dot) com [email concealed]>, "Kurt Buff"
> tyfocus.com <kurt.buff (at) gmail (dot) com [email concealed]>
> cc
> <focus-ms (at) securityfocus (dot) com [email concealed]>
> 01/30/2008 06:50 Subject
> PM RE: Centralizing Event Viewer Logs
>
>
>
>
>
>
>
>
>
>
> Take a look at Event Tracker from Prism Microsystems. It's pretty
> extensive as far as what it can do, so it may be more than you are
> looking for, but it's worth a visit: http://www.prismmicrosys.com
> Brad
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of Ron Johnson - Adhost
> Sent: Tuesday, January 29, 2008 12:27 PM
> To: Kurt Buff
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: Centralizing Event Viewer Logs
>
> Thanks for all the quick input folks. I will definitely look into each
> solution.
>
>
> -Ron
>
> -----Original Message-----
> From: Kurt Buff [mailto:kurt.buff (at) gmail (dot) com [email concealed]]
> Sent: Tuesday, January 29, 2008 12:24 PM
> To: Ron Johnson - Adhost
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: Centralizing Event Viewer Logs
>
> There are several alternatives, but I've settled on the Kiwisoft
> syslog server (the free version is fine, but the pay version is cheap
> and does some very nice extra things) and the IntersectAlliance Snare
> syslog client. The Snare client takes each event entry, formats it to
> a single line, then sends it to the syslog server. Install it on each
> of your machines for which you are monitoring event logs, and it works
> nicely.
>
> On Jan 29, 2008 11:51 AM, Ron Johnson - Adhost <ron (at) adhost (dot) com [email concealed]> wrote:
> > Hello List:
> >
> > I was looking into options that will allow us to centralize Event
> Viewer
> > Logs in an Active Directory domain - can anyone recommend any software
> > for this? It would be great if we could find a piece of software that
> > does just this - not a full blown enterprise security solution that
> > cost$ and does many other things that we wouldn't use it for
> > necessarily.
> >
> > Thanks!
> >
>
> Email Disclaimer: http://www.co.marin.ca.us/nav/misc/EmailDisclaimer.cfm
>
>
>
>
> IMPORTANT NOTICE: This e-mail and any attachments may contain confidential or sensitive information which is, or may be, legally privileged or otherwise protected by law from further disclosure. It is intended only for the addressee. If you received this in error or from someone who was not authorized to send it to you, please do not distribute, copy or use it or any attachments. Please notify the sender immediately by reply e-mail and delete this from your system. Thank you for your cooperation.
>
>
Try http://eventlog-monitor.info
2008/1/31, William M. Ryan <wmr02 (at) health.state.ny (dot) us [email concealed]>:
>
>
> Earlier in my search for an event management solution I found one that
> seemed to meet my requirements so I downloaded a 30 day eval. It worked
> great on my local servers so after a while I tried it on a server at my
> remote site. It promptly saturated the line (256k) with traffic and kept
> it saturated (over a weekend) when nobody was working. The moral of the
> story is don't buy without doing a thorough test of product configured as
> you plan to use it (Many companies have optional modules and features to
> enhance their offerings (and their bottom line)) and you test it on a
> representative sample of the equipment you're going to use.
>
> Also consider ease of deployment. Is there an agent, how configurable is
> it, How tricky to install, will I kill my lines when copying the agent to
> remote servers.
>
> William M. Ryan
> Information Technology Specialist 4
> Bureau of Information Technology Services
> NYS DOH Division of Nutrition
>
>
>
>
> "Starks, Brad"
> <BStarks (at) co (dot) mari [email concealed]n
> .ca.us> To
> Sent by: "Ron Johnson - Adhost"
> listbounce@securi <ron (at) adhost (dot) com [email concealed]>, "Kurt Buff"
> tyfocus.com <kurt.buff (at) gmail (dot) com [email concealed]>
> cc
> <focus-ms (at) securityfocus (dot) com [email concealed]>
> 01/30/2008 06:50 Subject
> PM RE: Centralizing Event Viewer Logs
>
>
>
>
>
>
>
>
>
>
> Take a look at Event Tracker from Prism Microsystems. It's pretty
> extensive as far as what it can do, so it may be more than you are
> looking for, but it's worth a visit: http://www.prismmicrosys.com
> Brad
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> On Behalf Of Ron Johnson - Adhost
> Sent: Tuesday, January 29, 2008 12:27 PM
> To: Kurt Buff
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: RE: Centralizing Event Viewer Logs
>
> Thanks for all the quick input folks. I will definitely look into each
> solution.
>
>
> -Ron
>
> -----Original Message-----
> From: Kurt Buff [mailto:kurt.buff (at) gmail (dot) com [email concealed]]
> Sent: Tuesday, January 29, 2008 12:24 PM
> To: Ron Johnson - Adhost
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: Centralizing Event Viewer Logs
>
> There are several alternatives, but I've settled on the Kiwisoft
> syslog server (the free version is fine, but the pay version is cheap
> and does some very nice extra things) and the IntersectAlliance Snare
> syslog client. The Snare client takes each event entry, formats it to
> a single line, then sends it to the syslog server. Install it on each
> of your machines for which you are monitoring event logs, and it works
> nicely.
>
> On Jan 29, 2008 11:51 AM, Ron Johnson - Adhost <ron (at) adhost (dot) com [email concealed]> wrote:
> > Hello List:
> >
> > I was looking into options that will allow us to centralize Event
> Viewer
> > Logs in an Active Directory domain - can anyone recommend any software
> > for this? It would be great if we could find a piece of software that
> > does just this - not a full blown enterprise security solution that
> > cost$ and does many other things that we wouldn't use it for
> > necessarily.
> >
> > Thanks!
> >
>
> Email Disclaimer: http://www.co.marin.ca.us/nav/misc/EmailDisclaimer.cfm
>
>
>
>
> IMPORTANT NOTICE: This e-mail and any attachments may contain confidential or sensitive information which is, or may be, legally privileged or otherwise protected by law from further disclosure. It is intended only for the addressee. If you received this in error or from someone who was not authorized to send it to you, please do not distribute, copy or use it or any attachments. Please notify the sender immediately by reply e-mail and delete this from your system. Thank you for your cooperation.
>
>
[ reply ]