[logs] Speaking of Windows logging agents

Daniel Cid danielcid at yahoo.com.br
Thu May 3 16:03:59 PDT 2007


Hi Tina,

I know it is not exactly what you asked, but the
"ossec agent" can read the Windows event log (in addition to
IIS log files and any other local log that you may
have) and forward them to a centralized location
(running an ossec server).

However, ossec agents do not use syslog, but its own
protocol, where the logs are compressed and encrypted
before delivery.

So, if you want syslog consolidation, ossec agents
are not for you, but if you just want to extract
your logs for analysis (or security log analysis, which
is what ossec is concerned with [log-based intrusion detection]),
ossec can be very useful.

More info: http://www.ossec.net


Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


--- Tina Bird <tbird at precision-guesswork.com>
wrote:

> 
> I feel ever so behind the times. While I wasn't
> watching, the folks at
> BalaBit spun off a premium version of syslog-ng.
> Amongst its other
> enhancements, it incorporates an agent for Microsoft
> Windows systems. I
> haven't played with it yet, but it may give us
> another alternative to SNARE
> and EventReporter/Monitorware as a mechanism for
> consolidating Windows logs
> in a syslog-based infrastructure:
> 
> http://www.balabit.com/products/syslog-ng/premium/
> 
> I haven't performed a thorough search lately. Are
> there other
> Windows-to-syslog agents out there that folks are
> using?
> 
> cheers -- tbird
> 
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
> 



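The thread compares agents that read the Windows event log and forward it over syslog (SNARE, EventReporter, the syslog-ng agent) with the OSSEC agent, which uses its own compressed and encrypted transport instead. The following is an added example, not code from OSSEC, BalaBit, SNARE or any poster: it shows the core job such a Windows-to-syslog agent performs, turning an event-log record into an RFC 3164 syslog line (PRI calculation, space-padded timestamp, newline and tab stripping so one event stays one line, and truncation to the 1024-byte packet limit). The facility (local4), the `MSWinEventLog` tag, the tab-separated field order and the sample records are this example's own assumptions, not any agent's real wire format.

```python
"""Windows event-log record -> RFC 3164 syslog line (added example, not OSSEC code)."""
import socket
from datetime import datetime

# Facility used for forwarded Windows events: local4 is an arbitrary choice here.
FACILITY_LOCAL4 = 20
MAX_RFC3164_BYTES = 1024  # RFC 3164 section 4.1: total packet length limit

# Windows event-log entry types mapped to RFC 3164 severity codes.
# Mapping is this example's choice; agents let you configure it.
SEVERITY_BY_TYPE = {
    "Error": 3,          # err
    "Warning": 4,        # warning
    "Information": 6,    # info
    "Audit Success": 5,  # notice
    "Audit Failure": 4,  # warning: failed logons deserve a visible severity
}


def syslog_pri(facility: int, severity: int) -> int:
    """PRI is facility * 8 + severity (RFC 3164 section 4.1.1)."""
    return facility * 8 + severity


def rfc3164_timestamp(dt: datetime) -> str:
    """'Mmm dd hh:mm:ss' with a space-padded day, e.g. 'May  3 16:03:59'."""
    return f"{dt:%b} {dt.day:2d} {dt:%H:%M:%S}"


def sanitize(text: str) -> str:
    """Syslog is line oriented and this body is tab separated, so any CR/LF or
    tab inside a Windows message would split the event or shift fields for the
    parser at the other end. Collapse all runs of whitespace to one space."""
    return " ".join(text.split())


def format_syslog(record: dict, hostname: str, facility: int = FACILITY_LOCAL4) -> str:
    """Build one syslog line: <PRI>TIMESTAMP HOSTNAME TAG: tab-separated body."""
    severity = SEVERITY_BY_TYPE.get(record["type"], 5)  # unknown type -> notice
    pri = syslog_pri(facility, severity)
    body = "\t".join([
        record["log"],                 # Security / System / Application
        str(record["event_id"]),
        record["type"],
        sanitize(record["source"]),
        sanitize(record["message"]),
    ])
    line = f"<{pri}>{rfc3164_timestamp(record['time'])} {hostname} MSWinEventLog: {body}"
    # Truncate on a UTF-8 boundary so the datagram stays inside the RFC 3164 limit.
    return line.encode("utf-8")[:MAX_RFC3164_BYTES].decode("utf-8", errors="ignore")


def send_udp(line: str, host: str, port: int = 514) -> None:
    """Classic syslog transport: plain UDP, no encryption, no delivery guarantee.
    This is the property Daniel contrasts with OSSEC's compressed+encrypted channel."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (host, port))


def forward_all(records, hostname: str, sender=None):
    """Format every record; hand each line to `sender` if one is given."""
    lines = [format_syslog(rec, hostname) for rec in records]
    if sender is not None:
        for line in lines:
            sender(line)
    return lines


# Constructed sample records (hypothetical event-log entries, not captured data).
SAMPLE_RECORDS = [
    {"log": "Security", "event_id": 529, "type": "Audit Failure",
     "source": "Security", "time": datetime(2007, 5, 3, 16, 3, 59),
     "message": "Logon Failure:\r\n\tReason: Unknown user name or bad password"},
    {"log": "System", "event_id": 6005, "type": "Information",
     "source": "EventLog", "time": datetime(2007, 5, 3, 16, 4, 10),
     "message": "The Event log service was started."},
    # Oversized message to exercise the RFC 3164 length cap.
    {"log": "Application", "event_id": 1000, "type": "Error",
     "source": "Application Error", "time": datetime(2007, 5, 3, 16, 5, 0),
     "message": "x" * 2000},
]

if __name__ == "__main__":
    # Dry run: print instead of sending; pass sender=lambda l: send_udp(l, "collector") to forward.
    for out in forward_all(SAMPLE_RECORDS, "dc01"):
        print(out)
```

Running the block prints the three lines; the failed-logon record comes out as `<164>May  3 16:03:59 dc01 MSWinEventLog: Security\t529\tAudit Failure\tSecurity\tLogon Failure: Reason: Unknown user name or bad password` (PRI 164 = local4 * 8 + warning). The whitespace collapsing and length cap are the two places where a naive forwarder silently breaks the consumer's parser, which matters when the collector is doing log-based intrusion detection on these lines.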

