[logs] Summary: Exchange Logging
Philip Webster
p.webster at qut.edu.au
Sun May 11 18:49:12 PDT 2008
Most of the replies went to the list, but a brief summary:
Philip Webster wrote on 09/05/2008 09:14:
> Just wondering how people handle Exchange logs ...
[ snip ]
> So do you centralise your logs? Use message tracking? Or ...? Is
> there third-party (free/open?) software which you use for analysing the
> logs?
Snare Epilog for Windows
http://www.intersectalliance.com/projects/EpilogWindows/index.html
Free, open source, can send to a syslog or Snare server.
Splunk
http://www.splunk.com/
Commercial, appears to be licensed per volume, provides more
than just log collection.
EventTracker
http://www.prismmicrosys.com/eventTracker.php
Commercial, licensed per logging device, provides more than just
log collection.
Splunk and EventTracker look like they're firmly in the SIEM space.
Snare Epilog is more analogous to a syslog daemon for Windows, with
built-in Exchange support. (And it is developed in Australia!)
Thanks to all who replied. I'll try to provide an update when we're up
and running - particularly once we've begun to analyse the logs.
Cheers
Phil
--
Philip Webster, IT Security Engineer
Queensland University of Technology
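As an added example (not code from the post above, nor from Snare Epilog, Splunk or EventTracker), here is the kind of small script one can use for the two halves of the original question: getting Exchange message tracking logs into a syslog collector and doing a first pass of analysis on them. The column layout of the sample is modelled on the Exchange 2007 message tracking CSV, where a "#Fields:" header names the columns; that layout is an assumption, but the parser reads the column names from the header rather than hard-coding them, so it follows whatever your server writes. The sample log lines, the "msgtrk" tag, the local0 facility and the burst threshold are all constructed for this example.

```python
"""Parse Exchange message tracking logs, emit RFC 3164 syslog lines, flag burst senders.

Added example, not code from the mailing-list post or from any tool named in it.
Assumptions: log layout modelled on the Exchange 2007 message tracking CSV
('#Fields:' header names the columns; multiple recipients on one event are
';'-separated); sample log lines below are constructed; facility/tag/threshold
values are illustrative.
"""
import csv
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumption: Exchange 2007-style header and column set).
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Version: 8.0.0.0
#Log-type: Message Tracking Log
#Date: 2008-05-09T00:00:00.000Z
#Fields: date-time,client-ip,client-hostname,server-ip,server-hostname,source-context,connector-id,source,event-id,internal-message-id,message-id,recipient-address,recipient-status,total-bytes,recipient-count,related-recipient-address,reference,message-subject,sender-address,return-path,message-info
2008-05-09T09:14:02.113Z,10.1.2.50,ws-phil,10.1.2.5,MAIL01,,,STOREDRIVER,SUBMIT,1001,<a1@mail01.example.edu>,,,1200,1,,,Exchange logging,p.webster@example.edu,p.webster@example.edu,
2008-05-09T09:14:02.340Z,10.1.2.5,MAIL01,10.1.2.5,MAIL01,,,SMTP,SEND,1001,<a1@mail01.example.edu>,loganalysis@example.org,250 2.6.0 Queued,1200,1,,,Exchange logging,p.webster@example.edu,p.webster@example.edu,
2008-05-09T11:00:01.000Z,10.1.2.77,ws-jdoe,10.1.2.5,MAIL01,,,STOREDRIVER,SUBMIT,2001,<b1@mail01.example.edu>,,,800,1,,,"Hi, urgent",jdoe@example.edu,jdoe@example.edu,
2008-05-09T11:00:05.000Z,10.1.2.5,MAIL01,10.1.2.5,MAIL01,,,SMTP,SEND,2001,<b1@mail01.example.edu>,x1@example.net;x2@example.net;x3@example.net,250 2.6.0 Queued;250 2.6.0 Queued;250 2.6.0 Queued,800,3,,,"Hi, urgent",jdoe@example.edu,jdoe@example.edu,
2008-05-09T11:02:30.000Z,10.1.2.5,MAIL01,10.1.2.5,MAIL01,,,SMTP,SEND,2002,<b2@mail01.example.edu>,x4@example.net;x5@example.net;x6@example.net,250 2.6.0 Queued;250 2.6.0 Queued;250 2.6.0 Queued,800,3,,,"Hi, urgent",jdoe@example.edu,jdoe@example.edu,
2008-05-09T15:30:00.000Z,10.1.2.5,MAIL01,10.1.2.5,MAIL01,,,SMTP,SEND,2003,<b3@mail01.example.edu>,x1@example.net,250 2.6.0 Queued,800,1,,,"Hi, urgent",jdoe@example.edu,jdoe@example.edu,
"""


def parse_tracking_log(text):
    """Return one dict per data row, keyed by the column names in the '#Fields:' header.

    Rows are parsed with the csv module so quoted subjects containing commas
    survive; a row whose column count disagrees with the header is rejected
    rather than silently mis-keyed (a common source of bogus alerts).
    """
    fields = None
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if line.startswith("#"):
            continue  # other header lines: #Software, #Version, #Log-type, #Date
        if fields is None:
            raise ValueError(f"line {lineno}: data row before #Fields header")
        values = next(csv.reader([line]))
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: {len(values)} columns, header has {len(fields)}")
        rows.append(dict(zip(fields, values)))
    return rows


def parse_time(stamp):
    """Exchange writes UTC timestamps like 2008-05-09T11:00:05.000Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ")


def syslog_line(row, facility=16, severity=6, tag="msgtrk"):
    """Render a tracking row as an RFC 3164 syslog line (PRI = facility*8 + severity).

    facility 16 is local0, severity 6 is informational (assumed values). The
    timestamp is left in UTC, as the log wrote it; the collector should know that.
    """
    t = parse_time(row["date-time"])
    pri = facility * 8 + severity
    stamp = f"{t:%b} {t.day:>2} {t:%H:%M:%S}"  # RFC 3164 wants a space-padded day
    rcpts = [r for r in row["recipient-address"].split(";") if r]
    msg = (f"event={row['event-id']} source={row['source']} "
           f"sender={row['sender-address']} rcpt_count={len(rcpts)} "
           f"client_ip={row['client-ip']} msgid={row['message-id']}")
    return f"<{pri}>{stamp} {row['server-hostname']} {tag}: {msg}"


def burst_senders(rows, threshold=20, window=timedelta(minutes=5)):
    """Flag senders that address more than `threshold` distinct recipients within `window`.

    Sliding-window check over SEND/DELIVER events; a compromised mailbox used
    for spam typically shows up here long before anyone complains. Returns
    {sender: peak distinct-recipient count} for flagged senders only.
    """
    events = defaultdict(list)  # sender -> [(time, recipient), ...]
    for r in rows:
        if r["event-id"] not in ("SEND", "DELIVER"):
            continue
        t = parse_time(r["date-time"])
        sender = r["sender-address"].lower()
        for rcpt in r["recipient-address"].split(";"):
            if rcpt:
                events[sender].append((t, rcpt.lower()))
    flagged = {}
    for sender, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            distinct = len({rc for _, rc in evs[start:end + 1]})
            if distinct > threshold:
                flagged[sender] = max(flagged.get(sender, 0), distinct)
    return flagged


if __name__ == "__main__":
    tracking_rows = parse_tracking_log(SAMPLE_LOG)
    for row in tracking_rows:
        print(syslog_line(row))
    for sender, n in burst_senders(tracking_rows, threshold=5).items():
        print(f"ALERT burst sender {sender}: {n} distinct recipients within 5 minutes")
```

In practice the syslog lines go out over UDP/TCP to the collector (which is what Epilog does for you), and the threshold should be tuned from a week or two of your own SEND volumes before it is allowed to page anyone; the strict column check in the parser is deliberate, since a mis-keyed row will quietly put subjects into the sender column and poison every count downstream.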