Educause Security Discussion mailing list archives

Re: logging windows text-based files to central logging server
From: "Julian J Thompson (jthmpsn2)" <jthmpsn2 () MEMPHIS EDU>
Date: Tue, 31 Jul 2007 09:21:50 -0500

If non-free is ok, you may want to check out Event Manager from GFI.

--
(J)

-----Original Message-----
From: Michael Bayne [mailto:baynema () JMU EDU] 
Sent: Monday, July 30, 2007 3:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] logging windows text-based files to central logging server

We'll definitely consider non-free options.  Thanks for pointing out 
that feature of syslog-ng Premium Edition.

Havens, Ben wrote:
You don't say whether you are considering non-free options.  The
syslog-ng Premium Edition offers a Windows agent that interprets text
logs as well as event logs.

-----Original Message-----
From: Michael Bayne [mailto:baynema () JMU EDU] 
Sent: Monday, July 30, 2007 3:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] logging windows text-based files to central logging server

Thanks to the people who've responded. So far, I've heard of three
tools:

1. Kiwi Secure Tunnel: unless I'm misunderstanding the product, it
only provides encrypted tunneling for messages it's received from the
network to another syslog server.  Handy, but not what I'm needing (if I
am misunderstanding what it does, let me know and I'll dig into it
more).

2. Snare from Intersect Alliance: we use this currently on our Windows
servers and it does a good job.  It's limited, however, to only sending
Windows Event logs to a syslog server.  We're looking for something
that'll handle all the other logs on our Windows boxes.

3. Epilog from Intersect Alliance: this is Intersect Alliance's
solution for those other logs on Windows boxes.  We evaluated this for
several weeks and found problems with it.  Our Windows application
servers are configured to rotate their log files when they reach a
certain size.  Epilog prevented this rotation, resulting in the
application group yelling at me when the log file filled up a hard
drive.


Anybody else have any solutions they'd care to share?  I'm trying
desperately to avoid trying to write my own since my C is terribly
rusty.

Thanks.



Michael Bayne wrote:
We have a number of windows applications logging to text-based log 
files (IIS, apache, app servers, etc).  We'd like to get these logs 
off of the windows servers and onto our central syslog server and 
CS-MARS device in a (near) real-time manner. So far, I haven't been 
able to find a tool to do this reliably.  Intersect Alliance's Epilog
Agent for Windows is the best I've seen so far, but I've found it
prevents log rotation.

So, I'm curious as to what you are doing.  Are you logging these 
text-based logs to a central location (syslog or otherwise)?  What 
tools are you using to do so?

Thanks.



-- 

Mike Bayne
Security Engineer
baynema () jmu edu
1.540.568.1684
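The rotation problem raised in this thread (an agent that keeps the text log open and thereby blocks the application's size-based rotation) is easy to avoid in a home-grown forwarder if no handle is held between polls. The following is an added example written for this archive page; it is not code from Epilog, Snare, Kiwi, GFI or any other product named above, and the collector address `syslog.example.edu`, the `local0` facility, the `iis` tag and the IIS-style file name are assumptions. Each poll opens the file, seeks to the byte offset already shipped, reads to end of file and closes it again; a file whose identity changes, that shrinks below the remembered offset, or that disappears is treated as rotated. Lines are shipped to the central syslog server as RFC 3164 packets over UDP/514.

```python
"""Rotation-friendly tailer for Windows text logs (IIS, Apache, app servers)
that forwards each new line to a central syslog server over UDP.

Added example for this thread; not the code of any product discussed here.
The tailer never holds the log file open between polls, so the application's
rename- or truncate-based rotation is not blocked by the forwarder.
Collector host, facility and tag are assumptions.
"""
import os
import socket
import tempfile
import time
from datetime import datetime

FACILITY_LOCAL0 = 16   # assumption: local0 is free on the collector
SEVERITY_INFO = 6
MAX_MSG_BYTES = 1024   # RFC 3164 asks senders to stay at or below this size


def build_syslog_message(hostname, tag, line, facility=FACILITY_LOCAL0,
                         severity=SEVERITY_INFO, now=None):
    """Format one log line as an RFC 3164 packet: <PRI>Mmm dd hh:mm:ss host tag: msg."""
    pri = facility * 8 + severity
    now = now or datetime.now()
    # RFC 3164 wants the day space-padded to two characters ("Jul  3", "Jul 30").
    stamp = "%s %2d %s" % (now.strftime("%b"), now.day, now.strftime("%H:%M:%S"))
    packet = "<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, line)
    return packet.encode("utf-8", "replace")[:MAX_MSG_BYTES]


class TailState:
    """Position in the file, carried from one poll to the next (no open handle)."""
    def __init__(self):
        self.offset = 0      # bytes already shipped
        self.partial = b""   # bytes after the last newline, not yet a full line
        self.ident = None    # (st_dev, st_ino) of the file last read


def poll_new_lines(path, state):
    """Return the complete lines appended since the last poll.

    The file is closed before returning, so rotation by rename, delete or
    truncate-and-reopen on the application side is never blocked by us.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # Rotated away and not recreated yet: start from the top of the new file.
        state.offset, state.partial, state.ident = 0, b"", None
        return []
    ident = (st.st_dev, st.st_ino)   # Python fills st_ino on Windows as well
    if ident != state.ident or st.st_size < state.offset:
        # New file (rename rotation) or the same file truncated in place.
        # Limitation: a same-inode file truncated to exactly the old offset is missed.
        state.offset, state.partial = 0, b""
    state.ident = ident
    with open(path, "rb") as fh:
        fh.seek(state.offset)
        chunk = fh.read()
        state.offset = fh.tell()
    pieces = (state.partial + chunk).split(b"\n")
    state.partial = pieces.pop()   # b"" after a trailing newline, else a fragment
    return [p.rstrip(b"\r").decode("utf-8", "replace") for p in pieces if p]


def forward(path, collector=("syslog.example.edu", 514), tag="iis", interval=1.0):
    """Poll `path` forever and ship each new line to the collector over UDP/514."""
    host = socket.gethostname()
    state = TailState()
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        for line in poll_new_lines(path, state):
            sock.sendto(build_syslog_message(host, tag, line), collector)
        time.sleep(interval)


def simulate_rotation():
    """Run the tailer against a constructed IIS-style log in a temp directory.

    Returns the lines seen on each poll: a fragment completed later, a rename
    rotation, a truncate-in-place rotation, and the file disappearing.
    """
    seen = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "u_ex070730.log")   # constructed sample log
        state = TailState()
        with open(path, "wb") as f:                 # one full line plus a fragment
            f.write(b"2007-07-30 15:00:01 GET /index.htm 200\r\n2007-07-30 15:00:02 GET /a")
        seen.append(poll_new_lines(path, state))
        with open(path, "ab") as f:                 # the fragment is finished later
            f.write(b".gif 200\r\n")
        seen.append(poll_new_lines(path, state))
        os.replace(path, path + ".1")               # rename rotation: succeeds, no handle held
        with open(path, "wb") as f:
            f.write(b"2007-07-30 15:00:03 GET /b.gif 304\r\n")
        seen.append(poll_new_lines(path, state))
        with open(path, "wb") as f:                 # truncate-in-place rotation
            f.write(b"2007-07-30 15:00:04 GET / 200\r\n")
        seen.append(poll_new_lines(path, state))
        os.remove(path)                             # rotated away, not recreated yet
        seen.append(poll_new_lines(path, state))
    return seen
```

Run `forward(r"C:\inetpub\logs\LogFiles\W3SVC1\u_ex070730.log")` on the Windows box (path assumed) to ship a live IIS log; `simulate_rotation()` walks the edge cases offline. Because the handle is released between polls, a poll that starts while the application is mid-rotation simply sees the new, shorter file and restarts from offset 0; a forwarder that kept the file open, as the thread reports of Epilog, would instead make the rename fail and let the file grow unbounded.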
