[logs] Remote log access
jcalhoun at securityeventmonitoring.com
Thu Jun 28 08:16:17 PDT 2007
How cool would it be if M$ would incorporate remote logging natively?
Possibly even set it up as a service that could be controlled remotely.
That would make it easily deployable and easy to maintain for admins. I
am sure this has been said before, sorry if I'm echoing.
I like the agentless design too though, but I agree, I don't like having
to use admin rights to pull the logs. Seems like a "log" user could be
set up with special rights to view and forward the logs.
I would also like to see more logging software build in heartbeats. I
believe Monitorware already does this. Without heartbeats, it's
difficult to determine when a box has stopped reporting.
--
Johnny Calhoun
jcalhoun at securityeventmonitoring.com
www.securityeventmonitoring.com
> -------- Original Message --------
> Subject: [logs] Remote log access
> From: "saudi sans" <saudisans at gmail.com>
> Date: Thu, June 28, 2007 1:30 am
> To: loganalysis at loganalysis.org
>
> We are using a SIM solution which has an agent which picks up Windows
> logs remotely.
>
> On this agent we have to give a user-id/password of the target server
> from where Windows event logs have to be picked up. This
> user-id/password needs admin rights on target server. The agent also
> needs remote registry access on target server. It works well.
>
> But I am not comfortable giving admin rights and remote registry
> access just for pulling event logs.
>
> From Microsoft experts on this list - what minimum permissions are to
> be provided on a target Windows machine for a remote software to
> access its event logs?
>
> I am aware of solutions which push out the logs from the Windows to
> the agent, but I am specifically interested in the pull model with
> just-the-minimum privileges.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
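The heartbeat point in the reply above, as an added example that is not part of the original thread or any product's code: a collector-side check that separates a host that is alive but has nothing to report from one that has stopped reporting. The line format, the `HEARTBEAT` marker, the host names and the thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <host> <message>". The line format and
# the literal "HEARTBEAT" marker are assumptions, not any product's output.
SAMPLE = """\
2007-06-28T08:00:00 dc01 HEARTBEAT
2007-06-28T08:00:05 web01 HEARTBEAT
2007-06-28T08:01:10 web01 EventID=529 logon failure
2007-06-28T08:05:00 dc01 HEARTBEAT
2007-06-28T08:05:05 web01 HEARTBEAT
2007-06-28T08:10:00 dc01 HEARTBEAT
2007-06-28T08:12:00 file01 HEARTBEAT
2007-06-28T08:14:30 file01 EventID=529 logon failure
2007-06-28T08:15:00 dc01 HEARTBEAT
not a log line
"""

def parse(lines):
    """Yield (timestamp, host, is_heartbeat); skip malformed lines."""
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2].strip() == "HEARTBEAT"

def host_status(lines, expected, now, interval, missed=2):
    """Classify each expected host as 'ok', 'quiet', 'silent' or 'never'."""
    last_seen, last_event = {}, {}
    for ts, host, is_beat in parse(lines):
        last_seen[host] = max(ts, last_seen.get(host, ts))
        if not is_beat:
            last_event[host] = max(ts, last_event.get(host, ts))
    limit = interval * missed  # tolerate `missed` lost heartbeats
    status = {}
    for host in expected:
        if host not in last_seen:
            status[host] = "never"    # in inventory, never reported
        elif now - last_seen[host] > limit:
            status[host] = "silent"   # nothing at all: box or agent is down
        elif host not in last_event or now - last_event[host] > limit:
            status[host] = "quiet"    # heartbeats arrive, no events to report
        else:
            status[host] = "ok"
    return status
```

Without the heartbeat lines, `dc01` (quiet) and `web01` (silent) would look identical to the collector.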