[logs] Eventlog to syslog
Rodney Thayer
rodney at canola-jones.com
Fri Feb 29 18:17:45 PST 2008
Andrew Hay wrote:
> So the real question becomes: of those large MS customers, how many of them
> have or are planning to deploy a syslog-based monitoring infrastructure, and
> are they willing to apply pressure to Redmond?
>
> I suspect that, with the (future) adoption of Windows 2008 and the new
> cross-log query feature in the event log (that allows you to correlate logs
> from multiple systems), Microsoft may finally have put the nail in the
> coffin that is this issue (at least in their eyes). I'll be honest, I
> haven't dug into the new event log due to other things on my plate, but I
> have a feeling that this new event log rewrite is going to be positioned as
> a SIEM replacement for Windows based events. I was telling Anton yesterday
> that Beth Quinlan, in her Information Security article entitled "3d
> Security", touches on the new event log features a bit.
If Microsoft has a unified one-vendor event management solution, it will
certainly benefit event ecosystems that don't contain (or aren't aware
of) anything else. So is Cisco going to start generating Windows event
messages from their 3750 switches?
This is the old "we would like all our event sources to send data to
some common or compatible destination" song. Any vendor who doesn't
offer off-enclave event reporting is going to have difficulty meeting
certain kinds of modern telemetry requirements, like, oh, say, PCI or
FISMA...
More information about the LogAnalysis
mailing list