Date: Thu Nov 17 20:55:54 2005
From: pablo at vernocchi.com.ar (Vernocchi, Pablo)
Subject: Windows 2003 Logging/Log Analysis Tool

Mmm... AFAIK MOM is more than that (also costs MUCH MORE than that :) )...

Here you'll find more info:
http://www.microsoft.com/mom/evaluation/overview/default.mspx
And FAQ http://www.microsoft.com/mom/evaluation/faqs/default.mspx


Feature / Description

Operator Console
 The Operator Console provides you with a view into the health of your
systems, indicates problems, and recommends resolutions. You can even add
company-specific troubleshooting information. Its multi-paned view allows
you to easily see the information necessary to resolve a problem without
having to open various windows or dialog boxes.

Reporting Console
 The Reporting Console allows you to view event, alert, and performance
reports from a Web browser. It lets you subscribe to favorite reports and
automatically receive new versions as they change.

Tasks and Diagnostics
 MOM 2005 allows you to define, export, import, and launch context-sensitive
tasks and diagnostics. The tasks can run on the console, the server, or at
the agent. These tasks include pinging a machine, flushing a DNS cache, or
removing lingering objects from Active Directory.

Auto-Alert Resolution
 Auto Alert Resolution enables the agent to automatically update the MOM
database when an alert has been corrected without operator intervention.

Instance-Aware Monitoring
 MOM 2005 recognizes and monitors specific instances within a system. For
example, it identifies specific databases within SQL Server, not just SQL
Server in general. This allows monitoring to be more detailed.

Responses Before Alert Suppression
 Responses to an alert can be executed by the agent prior to the alert being
suppressed.

Deployment

Agentless Monitoring
 MOM 2005 monitors agentless servers. This is aimed at IT environments where
agents could not be installed on a few exception nodes. Agentless monitoring
is limited to status monitoring only.

Reporting

Richer Reporting
 By utilizing SQL Server 2000 Reporting Services, MOM 2005 can provide
highly customized reports. Reports can be easily exported to Microsoft
Excel, Adobe Acrobat, HTML, TIFF, CSV, or XML file formats.

Report Customization
 Reports can be created and tailored through Visual Studio .NET.

Non-Microsoft Interoperability

MOM Connector Framework
 MOM Connector Framework is a Web service that enables bi-directional
communication between multiple MOM instances and non-Microsoft management
systems to share data and resolve problems more easily across an enterprise.

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Castigliola,
Angelo
Sent: Thursday, November 17, 2005 04:26 p.m.
To: full-disclosure@...ts.grok.org.uk
CC: Fielder, Kevin (GE Consumer Finance); full-disclosure@...ts.grok.org.uk
Subject: RE: [Full-disclosure] Windows 2003 Logging/Log Analysis Tool

As MadHat already suggested: for free tools I found that Snare
(http://www.intersectalliance.com/projects/index.html) was the best;
however, it lacks good notification features such as email or desktop
alerts that inform you there is a problem. You basically need to
monitor Snare's output.

EventSentry Light (http://www.eventsentry.com/downloads_eslight.php) is
another free tool that will allow you to monitor one server's event logs
and will send you a scheduled daily email that summarizes the events you
specify in the filter that occurred that day. Not really good if you are
looking for real-time notification.

Like everyone else has suggested, it seems like the best/most common
approach to do this low-cost is to deploy a syslog server with open
source tools such as http://sourceforge.net/projects/logcheck/ to
monitor and send emails when a specific event is logged.

As for MS MOM, I believe this tool is more for monitoring the
availability of network resources and letting you know when something is
down, like Big Brother. I just got my copy of MOM and plan on deploying
it on my home LAN soon.

Please let me know if you do find a free tool that will monitor the
Windows event log and send out email notifications when a specific event
occurs.

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Michael
Holstein
Sent: Thursday, November 17, 2005 11:50 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Windows 2003 Logging/Log Analysis Tool

> I'm looking for recommendations on what are the better log analysis
> software packages around that are capable of generating good logs for:
>
>     * IIS 6.0
>     * NetApp NetCache 5.x
>     * Microsoft ISA RRAS
>
> Are there also Log Agents available for System so that all the logs
> are contributed to a Centralized Log Server?

My favorite way to do this is just send it via syslog to a UNIX box,
then use grep/perl/whatever to post-process it. If you use syslog-ng you
can put the events into MySQL, which opens some additional possibilities.

The best way to get Windows logs (event logs, text-based files, etc.) is
EventReporter (www.adiscon.de). It's cheap... $30/license, I think.

Regards,

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



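An added example, not code from any poster in the thread nor from Snare, logcheck, syslog-ng or EventReporter: the grep/perl-style post-processing Michael describes and the "email me when a specific event occurs" filter Angelo asks for, written in Python and run over constructed syslog lines carrying Windows 2003 security events. The line layout and its EventID=/User= fields are an assumption for the sample, not any real agent's wire format; the event IDs (517 audit log cleared, 624 account created, 529 failed logon, 528 successful logon) are the Windows 2003 ones.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Windows 2003 security events as received over syslog.
# Layout and EventID=/User= fields are assumed for this example only.
SAMPLE_LOG = """\
Nov 17 20:55:01 dc01 MSWinEventLog Security EventID=529 User=bob Type=Failure
Nov 17 20:55:03 dc01 MSWinEventLog Security EventID=529 User=bob Type=Failure
Nov 17 20:55:04 dc01 MSWinEventLog Security EventID=529 User=bob Type=Failure
Nov 17 20:55:05 dc01 MSWinEventLog Security EventID=529 User=bob Type=Failure
Nov 17 20:55:06 dc01 MSWinEventLog Security EventID=529 User=bob Type=Failure
Nov 17 20:57:10 web01 MSWinEventLog Security EventID=517 User=SYSTEM Type=Success
Nov 17 21:10:00 web01 MSWinEventLog Security EventID=528 User=alice Type=Success
Nov 17 21:30:00 dc01 MSWinEventLog Security EventID=529 User=carol Type=Failure
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
                     r"EventID=(?P<eid>\d+) User=(?P<user>\S+)")

# Fire on a single occurrence (Windows 2003 security event IDs).
CRITICAL = {517: "audit log cleared", 624: "user account created"}
# Fire when one host logs FAIL_COUNT failed logons (529) inside FAIL_WINDOW.
FAIL_ID, FAIL_COUNT, FAIL_WINDOW = 529, 5, timedelta(minutes=5)

def parse(line, year=2005):
    """Return (timestamp, host, event_id, user), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], int(m["eid"]), m["user"]

def scan(text):
    """Return alert strings, in log order, worth handing to a mailer."""
    alerts, recent = [], defaultdict(deque)   # recent: host -> 529 timestamps
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, host, eid, user = rec
        if eid in CRITICAL:
            alerts.append(f"{host}: event {eid} ({CRITICAL[eid]}) by {user}")
        elif eid == FAIL_ID:
            window = recent[host]
            window.append(ts)
            while ts - window[0] > FAIL_WINDOW:   # drop failures now too old
                window.popleft()
            if len(window) == FAIL_COUNT:         # fires once per burst
                alerts.append(f"{host}: {FAIL_COUNT} failed logons within "
                              f"{FAIL_WINDOW.seconds // 60} min")
    return alerts
```

Handing each returned string to smtplib (or to logcheck's own mailer) is the only part left out; the last sample line shows a stale failure that falls outside the window and correctly stays silent.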