[logs] Re: Eventlog to syslog Mar 01 2008 10:53AM
Dean Frye (dfrye evercom net au)

>If we *really* want to get MS' attention on this issue, we need to find
>some large Microsoft customers who are willing to apply pressure to
>their account managers about syslog support.

Most large organizations are going to have Microsoft Operations Manager
which gives you the ACS service. I think this direct database query is a
better approach than syslog. The issue is not the log transport protocol
IMHO, but more the lack of granular logging controls. Yes, it does not work
for application and other logs, but it does work for security logs.

What we need is metadata that can be attached to OS objects that can trigger
logging functions and be propagated in the log events.



LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org

Copyright 2010, SecurityFocus