RE: Event log counts...
From: "Craig, Tobin (OIG)" <tobin.craig () va gov>
Date: Wed, 15 Dec 2004 06:28:53 -0500
Couldn't you export the log data from the syslog server to a csv file
and open it in Excel or Access? It wouldn't give you live data, but
might otherwise address your needs.
Tobin Craig, MRSC, CISSP, SCERS
Program Director, Computer Crimes and Forensics
Department of Veterans Affairs
Office of Inspector General
801 I Street NW
Washington DC 20001
Tel: 202 565 7702
Fax: 202 565 7630
From: Ryan Murphy [mailto:RMurphy () irvinecompany com]
Sent: Tuesday, December 14, 2004 12:54 PM
To: security-basics () securityfocus com
Subject: Event log counts...
I am currently working on implementing a windows syslog solution in
Win2k servers will dump their application/system/security event logs to
(likely Kiwi) syslog server in our environment. One of the questions
needs to get answered in order to implement such a solution is "How many
total event log entries are we generating per minute/hour/day/week/month
across all 200 of our servers?" I'm currently at a loss as to how to
this question, and so I'm turning to the list for ideas. At first, I was
thinking about just picking a small representative sample of our
and counting the number of events generated in a set period of time.
However, I've had a very hard time picking a small representative sample
our overall server farm, and from my (albeit somewhat limited) research
this avenue, there doesn't appear to be one. Is there a way that I could
query this kind of information somewhere in Windows? In the AD? NetIQ
Manager? Do you guys know of any sort of utility that I could load that
would help me determine event counts? Should I write my own? Could I
this information by querying WMI in a small VB app or something?
Your ideas and suggestions are greatly appreciated.
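Added example, not part of either message above: one way to turn a CSV export from the syslog server into per-minute, per-hour and per-day event counts without Excel or Access. The column layout (timestamp, host, source, message), the host names and the sample rows are constructed assumptions, not the export format of any particular syslog product.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export; the column layout (timestamp, host, source,
# message) is an assumption, not the format of any particular syslog product.
SAMPLE_CSV = """\
2004-12-14 12:00:05,srv01,Security,Logon success
2004-12-14 12:00:40,srv01,System,Service started
2004-12-14 12:01:10,srv02,Security,Logon failure
2004-12-14 12:59:59,srv02,Application,App warning
2004-12-14 13:00:00,srv01,Security,Logon success
not-a-date,srv03,System,garbled row
2004-12-15 00:00:01,srv02,System,Time sync
"""

BUCKETS = {"minute": "%Y-%m-%d %H:%M", "hour": "%Y-%m-%d %H", "day": "%Y-%m-%d"}

def count_events(csv_text):
    """Return (per-bucket counters, per-host counter, skipped row count)."""
    counts = {name: Counter() for name in BUCKETS}
    per_host = Counter()
    skipped = 0
    for row in csv.reader(io.StringIO(csv_text)):
        try:
            ts = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
            host = row[1]
        except (ValueError, IndexError):
            skipped += 1  # malformed or truncated line: count it, don't crash
            continue
        per_host[host] += 1
        for name, fmt in BUCKETS.items():
            counts[name][ts.strftime(fmt)] += 1
    return counts, per_host, skipped

def peak_and_mean(counter):
    """Peak and mean events per non-empty bucket; size storage on the peak."""
    if not counter:
        return 0, 0.0
    return max(counter.values()), sum(counter.values()) / len(counter)

if __name__ == "__main__":
    counts, per_host, skipped = count_events(SAMPLE_CSV)
    for name in BUCKETS:
        peak, mean = peak_and_mean(counts[name])
        print(f"{name}: peak={peak} mean={mean:.2f}")
    print("per host:", dict(per_host), "skipped rows:", skipped)
```

The mean is taken over buckets that contain at least one event, so quiet periods with no rows in the export are not averaged in; the per-host counter shows whether a few servers dominate the total.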