Are you referring to this product? http://sourceforge.net/projects/eventlogmonitor/
If so, it looks like it can only deal with windows logs. That is not going to get you very far. If you want to know what is going on within your network, you really need something that can handle syslog messages as well (routers, firewalls, etc.).
Although not pertinent to the product you mentioned, I remembered reading on GFI's website about their event log management product. They were *boasting* that their collector could handle up to 6 million events per hour. That boils down to a paltry 1667 events per second, which is absolutely pathetic. A couple of core routers/firewalls could easily overwhelm this.
James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of ottobeli82 (at) yahoo.com (dot) br [email concealed]
Sent: Friday, February 01, 2008 9:08 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Fwd: Centralizing Event Viewer Logs
Is there someone who already tried the product SB Eventlog Monitor?
I´m thinking about starting some tests in my network (all windows, 2000 machines) centralizing all the logs in one server, but I would like to hear from you any kind of experience with this product.
I would like to know how the product behaves concerning network traffic, manageability and event correlation.
CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you.
Are you referring to this product? http://sourceforge.net/projects/eventlogmonitor/
If so, it looks like it can only deal with windows logs. That is not going to get you very far. If you want to know what is going on within your network, you really need something that can handle syslog messages as well (routers, firewalls, etc.).
Although not pertinent to the product you mentioned, I remembered reading on GFI's website about their event log management product. They were *boasting* that their collector could handle up to 6 million events per hour. That boils down to a paltry 1667 events per second, which is absolutely pathetic. A couple of core routers/firewalls could easily overwhelm this.
James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of ottobeli82 (at) yahoo.com (dot) br [email concealed]
Sent: Friday, February 01, 2008 9:08 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: Fwd: Centralizing Event Viewer Logs
Is there someone who already tried the product SB Eventlog Monitor?
I´m thinking about starting some tests in my network (all windows, 2000 machines) centralizing all the logs in one server, but I would like to hear from you any kind of experience with this product.
I would like to know how the product behaves concerning network traffic, manageability and event correlation.
CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you.
[ reply ]