Security Basics mailing list archives

RE: Event log counts...

From: "Capps, Chuck" <CCapps () healthaxis com>
Date: Tue, 14 Dec 2004 15:25:01 -0600

Ryan,
        We have a developer than wrote a custom app that is capturing the
logs on 47 web servers and all logs on 6 domain controllers and we are
generating approximately 2500 logs a day.  Every week we generate
approximately 2 gigs worth of data, most of which is purged to make it more
manageable.

Chuck



-----Original Message-----
From: Ryan Murphy [mailto:RMurphy () irvinecompany com] 
Sent: Tuesday, December 14, 2004 11:54 AM
To: security-basics () securityfocus com
Subject: Event log counts...


List,

I am currently working on implementing a windows syslog solution in which
Win2k servers will dump their application/system/security event logs to a
(likely Kiwi) syslog server in our environment. One of the questions that
needs to get answered in order to implement such a solution is "How many
total event log entries are we generating per minute/hour/day/week/month
across all 200 of our servers?" I'm currently at a loss as to how to answer
this question, and so I'm turning to the list for ideas. At first, I was
thinking about just picking a small representative sample of our servers,
and counting the number of events generated in a set period of time.
However, I've had a very hard time picking a small representative sample of
our overall server farm, and from my (albeit somewhat limited) research into
this avenue, there doesn't appear to be one. Is there a way that I could
query this kind of information somewhere in Windows? In the AD? NetIQ App
Manager? Do you guys know of any sort of utility that I could load that
would help me determine event counts? Should I write my own? Could I find
this information by querying WMI in a small VB app or something?

You ideas and suggestions are greatly appreciated.

Thanks,

Ryan


 
============================= 
Notice to recipient:  This e-mail is meant for only the intended recipient
of the transmission, and may be a confidential communication or a
communication privileged by law.  If you received this e-mail in error, any
review, use, dissemination, distribution, or copying of this e-mail is
strictly prohibited.  Please notify us immediately of the error by return
e-mail and please delete this message from your system.  Thank you in
advance for your cooperation.

Current thread:

Event log counts... Ryan Murphy (Dec 14)
- RE: Event log counts... Kurt (Dec 15)
- Re: Event log counts... Jean François Quéralt (Dec 15)
- <Possible follow-ups>
- Re: Event log counts... Richard_Gardner (Dec 14)
- RE: Event log counts... Capps, Chuck (Dec 15)
- RE: Event log counts... Craig, Tobin (OIG) (Dec 15)
- Re: Event log counts... H Carvey (Dec 15)