Windows Event Log Analysis / Correlation

Thread: Windows Event Log Analysis / Correlation

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    274

    Windows Event Log Analysis / Correlation

    Hello All,

    I am working in an environment where we have a mix of systems: Windows Vista, 7 and XP, and on servers all Server 2008 R2. I am looking for a tool (free or open source) which will help me do event log analysis and correlation for all the server machines. Currently I am not looking for any centralized solution; a stand-alone one will be fine as well. Does anyone have any experience with, or played with, this kind of thing before?

    Any help will be highly appreciated.


    Thanks
    Excuse me, is there an airport nearby large enough for a private jet to land?

  2. #2

  3. #3
    Senior Member
    Join Date
    May 2004
    Posts
    274
    Thanks ua549,
    I will surely give it a try.
    Excuse me, is there an airport nearby large enough for a private jet to land?

  4. #4
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    If you like it, there are some proprietary server apps available. IIRC they run on *nix but can pull data from any snare client.

  5. #5
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Quote Originally Posted by mmkhan View Post
    Servers all Server 2008 R2.
    Quote Originally Posted by mmkhan View Post
    I am looking for a tool (free or opensource) which will help me do event log analysis and correlation for all the server machines.
    Doesn't MS have a built-in perfmon / sysmon all ready to be set up and run? It is quite a nice little package too, lots of tweaks to be done,
    and all from Start - Run - perfmon.

    Quote Originally Posted by mmkhan View Post
    Currently, I am not looking for any centralized solution just a stand alone will be fine as well.
    But as you are in a domain setting, why go along the stand-alone route?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  6. #6
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    The performance monitor in Windows does not look at event logs, which are used for auditing, not performance.

    If the OP is interested in performance monitoring, I recommend a free tool called MRTG.
    It can graph data from Windows performance counters as well as SNMP MIB/OID data.

  7. #7
    Senior Member
    Join Date
    May 2004
    Posts
    274
    Hello Guys,

    Thanks for your insightful replies, this will surely help me to explore more into Windows monitoring,

    UA549: I installed the Snare agent on my Windows system (Windows 7 Ultimate) and I am accessing event logs through the web browser. The problem I faced today is that it only shows current events for the past 10-15 minutes; events before that are not shown. It shows me the full details of each and every event. Is it possible for it to show me only summaries, like how many times a user logged in, unsuccessful logins, successful logins, etc.?

    Thanks
    Excuse me, is there an airport nearby large enough for a private jet to land?
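The per-account logon summary asked for in post #7 (successful vs. failed logons), run stand-alone against the Server 2008 R2 machines from post #1, can be produced without any agent using the built-in Get-WinEvent cmdlet. The script below is an added example, not code from the thread or from the Snare project. It assumes PowerShell 2.0 on Windows 7 / Server 2008 R2, that the account running it can read the Security log on each server, and that the servers log the Vista+/2008+ event IDs 4624 (logon succeeded) and 4625 (logon failed); Windows XP uses the legacy IDs 528/540 and 529 instead, so it would need a different filter. The server list and look-back window are assumed parameters.

```powershell
# Added example (not from the thread): summarise Windows logon activity per
# account from the Security log and flag a simple brute-force pattern.
# Uses only built-in cmdlets (Get-WinEvent, PowerShell 2.0 on Win7 / 2008 R2).
# 4624 = successful logon, 4625 = failed logon (Vista/2008+ IDs; XP uses 528/540/529).
# Reading a remote Security log needs admin rights on the target.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),   # assumed: servers to query
    [int]$Hours = 24                                   # assumed: look-back window
)

$since  = (Get-Date).AddHours(-$Hours)
$filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since }

$rows = foreach ($server in $ComputerName) {
    try {
        $events = Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # "No events were found" is also raised here when the window is empty.
        Write-Warning "$server : $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        # Read the named EventData fields from the event XML instead of
        # scraping the localised Message text.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        New-Object PSObject -Property @{
            Server    = $server
            Time      = $e.TimeCreated
            Id        = $e.Id
            User      = $d['TargetUserName']
            Domain    = $d['TargetDomainName']
            LogonType = $d['LogonType']   # 2 = interactive, 3 = network, 10 = RDP
            SourceIP  = $d['IpAddress']
            Status    = $d['Status']      # NTSTATUS on 4625, e.g. 0xC000006D = bad user/password
        }
    }
}

# Per-account counts: the summary post #7 asked Snare for.
$summary = $rows |
    Group-Object Server, Domain, User |
    ForEach-Object {
        $g = $_.Group
        New-Object PSObject -Property @{
            Server  = $g[0].Server
            Account = "$($g[0].Domain)\$($g[0].User)"
            Success = @($g | Where-Object { $_.Id -eq 4624 }).Count
            Failed  = @($g | Where-Object { $_.Id -eq 4625 }).Count
            Sources = ($g | ForEach-Object { $_.SourceIP } | Sort-Object -Unique) -join ','
        }
    } | Sort-Object Failed -Descending

$summary | Format-Table Server, Account, Success, Failed, Sources -AutoSize

# Minimal correlation: 10+ failures for one account from one source address,
# followed by a success for the same account from that address in the window,
# is the classic password-guessing signature worth reviewing by hand.
$rows | Where-Object { $_.Id -eq 4625 } |
    Group-Object User, SourceIP |
    Where-Object { $_.Count -ge 10 } |
    ForEach-Object {
        $u  = $_.Group[0].User
        $ip = $_.Group[0].SourceIP
        $ok = $rows | Where-Object { $_.Id -eq 4624 -and $_.User -eq $u -and $_.SourceIP -eq $ip }
        if ($ok) { Write-Output "Possible brute force then success: $u from $ip ($($_.Count) failures)" }
    }
```

Run it as `.\Logon-Summary.ps1 -ComputerName srv1,srv2 -Hours 24` from an elevated prompt. On a member server most 4624 events belong to machine accounts (names ending in `$`) and to SYSTEM with logon type 5, so filter those out of the summary before reading it; and for remote queries the "Remote Event Log Management" firewall rule group has to be enabled on the 2008 R2 targets.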

  8. #8
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    I've never used the software so I don't have an answer.
    IMO what you want is in the realm of the snare server software.

  9. #9
    Senior Member
    Join Date
    May 2004
    Posts
    274
    ua549: cool, so you use only the Windows Event Viewer.
    Excuse me, is there an airport nearby large enough for a private jet to land?

  10. #10
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    I'm a retired networking consultant. Most of my clients (governments, law enforcement, large banks) used proprietary log consolidation/analysis software.
