Educause Security Discussion mailing list archives

Re: logging windows text-based files to central logging server
From: Michael Bayne <baynema () JMU EDU>
Date: Mon, 30 Jul 2007 15:44:15 -0400

Thanks to the people who've responded. So far, I've heard of three tools:

1. Kiwi Secure Tunnel: unless I'm misunderstanding the product, it only
provides an encrypted tunneling for messages it's received from the
network to another syslog server.  Handy, but not what I'm needing (If I
am misunderstanding what it does, let me know and I'll dig into it more).

2. Snare from Intersect Alliance: we use this currently on our Windows
servers and it does a good job.  It's limited, however, to only sending
Windows Event logs to a syslog server.  We're looking for something
that'll handle all the other logs on our Windows boxes.

3. Epilog from Intersect Alliance: this is Intersect Alliance's solution
for those other logs on Windows boxes.  We evaluated this for several
weeks and found problems with it.  Our Windows application servers are
configured to rotate their log files when they reach a certain size.
Epilog prevented this rotation, resulting in the application group
yelling at me when the log file filled up a hard drive.

Anybody else have any solutions they'd care to share?  I'm trying
desperately to avoid trying to write my own since my C is terribly rusty.


Michael Bayne wrote:
We have a number of Windows applications logging to text-based log files
(IIS, Apache, app servers, etc).  We'd like to get these logs off of the
windows servers and onto our central syslog server and CS-MARS device in
a (near) real-time manner. So far, I haven't been able to find a tool to
do this reliably.  Intersect Alliance's Epilog Agent for Windows is the
best I've seen so far, but I've found it prevents log rotation.

So, I'm curious as to what you are doing.  Are you logging these
text-based logs to a central location (syslog or otherwise)?  What tools
are you using to do so?



Mike Bayne
Security Engineer
baynema () jmu edu

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
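As an added illustration of the rotation problem raised in this thread (this is example code, not part of the original post and not any of the products named): a minimal tail-and-forward that reads only the bytes appended since the last poll and closes the file between polls, so the application can still rename or truncate its log; an agent that holds the handle open is what blocks rotation on Windows. The log path, syslog server name, host name and tag in the main block are placeholder assumptions.

```python
import os
import socket
from datetime import datetime

# Added example: rotation-safe tail of a text log, forwarded as RFC 3164 syslog
# over UDP. The file handle is held only while reading one batch of new bytes.

def read_new_lines(path, state):
    """Return (lines, new_state). state = {"offset": int, "ident": tuple|None}."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [], {"offset": 0, "ident": None}
    ident = (st.st_dev, st.st_ino)          # changes when the file is replaced
    offset = state.get("offset", 0)
    if state.get("ident") != ident or st.st_size < offset:
        offset = 0                          # rotated or truncated: restart at top
    with open(path, "rb") as f:             # handle held only for this read
        f.seek(offset)
        data = f.read()
    lines = data.split(b"\n")
    partial = lines.pop()                   # incomplete last line waits for next poll
    consumed = len(data) - len(partial)
    text = [ln.rstrip(b"\r").decode("utf-8", "replace") for ln in lines if ln.strip()]
    return text, {"offset": offset + consumed, "ident": ident}

def syslog_message(line, hostname, tag, facility=1, severity=6, now=None):
    """RFC 3164 framing: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (day is space-padded)."""
    now = now or datetime.now()
    pri = facility * 8 + severity           # user.info = 1*8 + 6 = 14
    ts = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{ts} {hostname} {tag}: {line}"

def forward(path, state, server, hostname, tag, port=514, sock=None):
    """One poll: read new lines, send each as a syslog datagram, return new state."""
    lines, state = read_new_lines(path, state)
    sock = sock or socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for ln in lines:
        sock.sendto(syslog_message(ln, hostname, tag).encode("utf-8"), (server, port))
    return state

if __name__ == "__main__":
    import time
    # Placeholder path, server, host name and tag (assumptions for this example).
    st = {"offset": 0, "ident": None}
    while True:
        st = forward(r"C:\logs\app.log", st, "syslog.example.org", "web01", "iis")
        time.sleep(1)
```

Offsets live only in memory here; persisting `state` to disk would let the forwarder resume after a restart without re-sending the whole file.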
