Log Monitoring software???

[jbclarkman]

I'm looking for a FREE Log Monitoring software. Something that will montior the logs of my 40 some servers and email me say if someone trys to access an account 5 times and fails. Or critical errors.. All that type of stuff.

I have googled it and I only found either software that you had to load on every server(not bad but cost to much) or software that you don't have to load but cost to much. I'm looking for something FREE... LOL...

Let me know if anyone knows of anything good. If not than if you know of something that is very very very cheap and does the same thing. I would appreciate that too.

[morganlefay]

Window 2003 server...sends me logs...free

MLF

[Tiger Shark]

At the bottom of this post is some code that you could easily adapt and run it more often on the log files. not real time but it's free....

[jbclarkman]

I'm looking for something real time. Also something I don't have to compile and run myself multiple times. I'm using Windows 2000

PS: How do you do it on Windows 2003. I do have 2 of those servers.

[Tiger Shark]

You don't have to compile it.... It's a VBScript....

OK... You want FREE on Windows 2000..... I'll give you real time too 'cos I'm a nice guy.......

Right Click My Computer
Manage
Performance Logs and Alerts
Right Click Alerts
New Alerts Settings
Fill in a Name - OK
Add
Performance Object - Server
Select Counter - Errors Logon - Add - Close
Alert When Value is Over Limit 5
Interval 5 Seconds, (real time enough?)
Action
Chose either or both
Send a network message to .......
Run this program.....

Write a script to email you an alert and run cmd.exe and have it start the script to email you.

There... real time and free....

[jbclarkman]

that would work for me, however the people that will be taking over for me are not gonna like that.. They like pretty things. Dam corporaters... LOL.... any other ideas?

Not to mention doesn't this take up server/process time. Since I'm running Citrix I can't add something else to take up time.

[Tiger Shark]

What on earth is not pretty about that???? It's built in the OS!!!!! How pretty do you need?

You probably don't want to answer that.... Free and pretty are usually mutually exclusive... Tell your cheap-asses bosses to open their check book or accept what they are given...

As an aside... Ask them what the risk assessment indicates they should spend to address the issue.... If they say nothing then point out that "nothing" indicates it isn't an issue in the forst place and then be quiet... The first one to speak loses....

[jbclarkman]

something that would monitor the security log as well.. Not just performance. I need the log monitored for app errors and such. Not performance monitored.

[RoadClosed]

Pretty much the ONLY reason a windows security log is monitored is for privy escalation and failed login/access attempts. Tiger's suggested method does that and if you look at it closely with all the options to add "traps" -you may find what you need. If you want some kind of free "plug and play", papa ain't gotta work to hard, schema for free then good luck. However this looks promising. I tried it once a long time ago and crashed a box but it's come a long way. Been watching the bugtraq on it for weeks.

[jbclarkman]

looks good. Thanks, I'll try it out.