Security Basics mailing list archives

RE: Event log counts...
From: "Craig, Tobin (OIG)" <tobin.craig () va gov>
Date: Wed, 15 Dec 2004 06:28:53 -0500

Couldn't you export the log data from the syslog server to a csv file
and open it in Excel or Access?  It wouldn't give you live data, but
might otherwise address your needs.

TC

___________________________
Tobin Craig, MRSC, CISSP, SCERS
Program Director, Computer Crimes and Forensics
Department of Veterans Affairs
Office of Inspector General
801 I Street NW
Washington DC 20001
 
Tel: 202 565 7702
Fax: 202 565 7630
___________________________
-----Original Message-----
From: Ryan Murphy [mailto:RMurphy () irvinecompany com] 
Sent: Tuesday, December 14, 2004 12:54 PM
To: security-basics () securityfocus com
Subject: Event log counts...

List,

I am currently working on implementing a Windows syslog solution in
which Win2k servers will dump their application/system/security event
logs to a (likely Kiwi) syslog server in our environment. One of the
questions that needs to get answered in order to implement such a
solution is "How many total event log entries are we generating per
minute/hour/day/week/month across all 200 of our servers?" I'm currently
at a loss as to how to answer this question, and so I'm turning to the
list for ideas. At first, I was thinking about just picking a small
representative sample of our servers, and counting the number of events
generated in a set period of time. However, I've had a very hard time
picking a small representative sample of our overall server farm, and
from my (albeit somewhat limited) research into this avenue, there
doesn't appear to be one. Is there a way that I could query this kind of
information somewhere in Windows? In the AD? NetIQ App Manager? Do you
guys know of any sort of utility that I could load that would help me
determine event counts? Should I write my own? Could I find this
information by querying WMI in a small VB app or something?

Your ideas and suggestions are greatly appreciated.

Thanks,

Ryan


 
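The approach discussed in this thread (count events from a CSV export of the syslog server, then scale to the 200 servers), as an added example that is not part of either message. The column layout, host names and rows are constructed assumptions, not Kiwi's actual export format.

```python
import csv
import io
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample export; the column layout is an assumption.
SAMPLE_CSV = """timestamp,host,log,event_id
2004-12-14 09:00:00,SRV01,Security,528
2004-12-14 09:10:00,SRV02,System,6009
2004-12-14 09:20:00,SRV03,Application,1000
not-a-date,SRV01,Security,529
2004-12-14 09:30:00,SRV01,Security,538
2004-12-14 09:45:00,srv03,System,7036
2004-12-14 10:00:00,SRV01,Security,528
"""

def event_rates(csv_text, fleet_size=200):
    """Per-host events/hour from an export, scaled to the whole server farm."""
    per_host, skipped, first, last = Counter(), 0, None, None
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            ts = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
            host = row["host"].strip().upper()  # SRV03 and srv03 are one server
        except (KeyError, ValueError, TypeError, AttributeError):
            skipped += 1  # malformed or truncated row: count it, do not guess
            continue
        per_host[host] += 1
        first = ts if first is None else min(first, ts)
        last = ts if last is None else max(last, ts)
    if not per_host or first == last:
        raise ValueError("export must span a non-zero time window")
    # Window = first to last event seen; assumes all hosts logged over that span.
    hours = (last - first).total_seconds() / 3600
    rates = {h: n / hours for h, n in per_host.items()}
    return {
        "hours": hours,
        "skipped_rows": skipped,
        "per_host_per_hour": rates,
        # The mean scales the sample to the farm; the busiest host gives an upper
        # bound, useful when no sample is known to be representative.
        "fleet_per_day_mean": mean(rates.values()) * 24 * fleet_size,
        "fleet_per_day_upper": max(rates.values()) * 24 * fleet_size,
    }

if __name__ == "__main__":
    for key, value in event_rates(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

An export covering at least a full day, including logon peaks and scheduled jobs, gives a far more useful estimate than the one-hour window in the sample.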

