-
September 9th, 2011, 04:51 PM
#1
Windows Event Log Analysis / Correlation
Hello All,
I am working in an environment where we have a mix of systems (Windows Vista, 7 and XP) and on servers all Server 2008 R2. I am looking for a tool (free or open source) which will help me do event log analysis and correlation for all the server machines. Currently, I am not looking for any centralized solution; just a stand-alone one will be fine as well. Does anyone have any experience or played with this kind of thing before?
Any help will be highly appreciated.
Thanks
Excuse me, is there an airport nearby large enough for a private jet to land?
-
September 9th, 2011, 05:58 PM
#2
-
September 10th, 2011, 04:24 PM
#3
Thanks ua549,
I will surely give it a try.
Excuse me, is there an airport nearby large enough for a private jet to land?
-
September 10th, 2011, 05:14 PM
#4
If you like it, there are some proprietary server apps available. IIRC they run on *nix but can pull data from any snare client.
-
September 12th, 2011, 12:05 AM
#5
Originally Posted by mmkhan
Servers all Server 2008 R2.
Originally Posted by mmkhan
I am looking for a tool (free or opensource) which will help me do event log analysis and correlation for all the server machines.
Don't MS have a built-in perfmon / sysmon all ready to be set up and run? It is quite a nice little package too, with lots of tweaks to be done,
and all from Start - Run - perfmon.
Originally Posted by mmkhan
Currently, I am not looking for any centralized solution just a stand alone will be fine as well.
But as you are in a domain setting, why go along the stand-alone route?
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
September 12th, 2011, 10:57 AM
#6
The performance monitor in Windows does not look at event logs, which are used for auditing, not performance.
If the OP is interested in performance monitoring, I recommend a free tool called MRTG.
It can graph data from Windows performance counters as well as mib and oid data.
-
September 12th, 2011, 08:35 PM
#7
Hello Guys,
Thanks for your insightful replies, this will surely help me to explore more into Windows monitoring,
UA549: I installed the Snare agent on my Windows system (Windows 7 Ultimate) and I am accessing event logs through a web browser. The problem which I faced today is that it shows me only current events for the past 10-15 mins; events before that are not shown. It shows me the full details of each and every event. Is it possible that it shows me only the summaries, like how many times a user logged in, unsuccessful logins, successful logins, etc.?
Thanks
Excuse me, is there an airport nearby large enough for a private jet to land?
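The kind of summary asked for in post #7 (how many logons, how many failed, per account) can be produced straight from the Security log with PowerShell, without the Snare web view. The script below is an added example for this thread, not code from the Snare project or from any poster. It assumes PowerShell 2.0 or later (as shipped with Windows 7 / Server 2008 R2), an elevated prompt (reading the Security log requires it), and that the "Audit Logon" policy is enabled so events 4624 (successful logon) and 4625 (failed logon) are recorded; the `-Path` parameter is an assumption of this example that lets the same summaries be run over an exported `.evtx` file.

```powershell
<#
 Added example (not from the thread or from Snare): summarize logon activity
 from the Windows Security log. Assumes PowerShell 2.0+, an elevated prompt,
 and "Audit Logon" enabled so 4624/4625 are written.
#>
param(
    [int]$Hours = 24,        # look-back window for the live log
    [string]$Path = $null    # optional exported .evtx to read instead of the live log
)

# Filter: Security log, successful (4624) and failed (4625) logons in the window.
$filter = @{ Id = 4624, 4625; StartTime = (Get-Date).AddHours(-$Hours) }
if ($Path) { $filter['Path'] = $Path } else { $filter['LogName'] = 'Security' }

# -ErrorAction SilentlyContinue: Get-WinEvent throws when nothing matches.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) { Write-Host "No logon events in the last $Hours hours."; return }

# Pull the fields we need out of each event's XML payload (EventData/Data[@Name]).
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        Result    = $(if ($e.Id -eq 4624) { 'Success' } else { 'Failure' })
        User      = $data['TargetUserName']
        Domain    = $data['TargetDomainName']
        LogonType = $data['LogonType']   # 2 = interactive, 3 = network, 10 = RDP
        Source    = $data['IpAddress']
    }
}

# Summary 1: overall successful vs failed logons.
$rows | Group-Object Result | Select-Object Name, Count | Format-Table -AutoSize

# Summary 2: per-account counts by result, busiest first, so an account with
# many failures (password guessing, a stale service credential) stands out.
$rows | Group-Object Domain, User, Result |
    Select-Object @{n='Account'; e={ $_.Values[0] + '\' + $_.Values[1] }},
                  @{n='Result';  e={ $_.Values[2] }},
                  Count |
    Sort-Object Count -Descending | Format-Table -AutoSize

# Summary 3: distribution of logon types, which shows whether the failures
# are coming over the network rather than from the console.
$rows | Group-Object LogonType | Select-Object Name, Count | Format-Table -AutoSize
```

Run it as `.\logon-summary.ps1 -Hours 48` against the live log, or `.\logon-summary.ps1 -Path C:\exports\security.evtx` against a log saved from Event Viewer; drop the `Format-Table` calls if you want to pipe the groups on to `Export-Csv` for the per-server consolidation the thread discusses. The script only summarizes; it relies on the audit policy already being in place, and the Security log's retention size still decides how far back "the last N hours" can reach.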
-
September 12th, 2011, 10:54 PM
#8
I've never used the software so I don't have an answer.
IMO what you want is in the realm of the snare server software.
-
September 13th, 2011, 09:15 AM
#9
ua549: Cool, so you use only Windows Event Viewer.
Excuse me, is there an airport nearby large enough for a private jet to land?
-
September 13th, 2011, 01:03 PM
#10
I'm a retired networking consultant. Most of my clients (governments, law enforcement, large banks) used proprietary log consolidation/analysis software.