[logs] Summary: Exchange Logging

Rainer Gerhards rgerhards at hq.adiscon.com
Tue May 13 01:21:53 PDT 2008


[I am with the vendor/OS project]

Hi Phil,

Due to a holiday I am a bit late. I'd still like to add Adiscon's
MonitorWare Agent, which can convert any text files (and lots of other
sources) to syslog.

There now is a guide available for Exchange:

http://www.monitorware.com/Common/en/Articles/monitoring_exchange_message_tracking_logfiles.php

On the receiver side, you can run GPLed rsyslog, which in turn can send
the logs to a file or database. Then, you may even review it online via
phpLogCon[1]. Obviously, good analysis on them is a different topic, but
we are looking into options inside phpLogCon. PhpLogCon and rsyslog are
GPL, the MonitorWare Agent sensor on Windows is commercial software.

I hope this still is useful.

Rainer

[1] http://www.phplogcon.org
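To make the "text file to syslog" step concrete, here is an added example (not Adiscon's or rsyslog's code) that reads Exchange-style message tracking records and emits RFC 3164 syslog lines a receiver such as rsyslog could write to a file or database. It assumes the tracking log is CSV with a "#Fields:" header line naming the columns; the sample records, host names and addresses are constructed for the example.

```python
"""Convert Exchange-style message tracking log text into RFC 3164 syslog lines.
Assumption (not taken from the thread): the log is CSV with a '#Fields:' header
line that names the columns, and other '#' lines are metadata."""
import csv
import socket
from datetime import datetime

# Constructed sample in that layout; not a real tracking log.
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Log-type: Message Tracking Log
#Fields: date-time,client-ip,server-hostname,event-id,sender-address,recipient-address,message-subject
2008-05-12T03:49:10.123Z,192.0.2.10,EXCH01,RECEIVE,phil@example.edu,list@example.org,Summary: Exchange Logging
2008-05-12T03:49:11.456Z,192.0.2.10,EXCH01,SEND,phil@example.edu,"ops@example.org,sec@example.org",Re: logs
"""

FACILITY_MAIL, SEVERITY_INFO = 2, 6          # syslog facility "mail", severity "info"
KEEP = ("date-time", "client-ip", "event-id", "sender-address", "recipient-address")

def parse_tracking_log(text):
    """Yield one dict per record, keyed by the column names from the '#Fields:' line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
        elif line.startswith("#") or not line.strip():
            continue                          # metadata or blank line
        elif fields:
            values = next(csv.reader([line]))  # csv handles quoted multi-recipient fields
            yield dict(zip(fields, values))

def to_syslog(record, hostname):
    """Build an RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOST TAG: key="value" ..."""
    pri = FACILITY_MAIL * 8 + SEVERITY_INFO
    ts = datetime.strptime(record["date-time"][:19], "%Y-%m-%dT%H:%M:%S")
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"   # day is space-padded per RFC 3164
    body = " ".join(f'{k}="{record.get(k, "")}"' for k in KEEP)
    return f"<{pri}>{stamp} {hostname} msgtrk: {body}"

def convert(text):
    """Return the syslog lines for every record in the log text."""
    return [to_syslog(r, r.get("server-hostname", "exchange")) for r in parse_tracking_log(text)]

def send_udp(lines, host="127.0.0.1", port=514):
    """Ship the lines to a syslog receiver (e.g. rsyslog listening on UDP/514)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))

if __name__ == "__main__":
    for line in convert(SAMPLE_LOG):
        print(line)
```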


> -----Original Message-----
> From: loganalysis-bounces at loganalysis.org [mailto:loganalysis-
> bounces at loganalysis.org] On Behalf Of Philip Webster
> Sent: Monday, May 12, 2008 3:49 AM
> To: loganalysis at loganalysis.org
> Subject: [logs] Summary: Exchange Logging
> 
> Most of the replies went to the list, but a brief summary:
> 
> Philip Webster wrote on 09/05/2008 09:14 :
> > Just wondering how people handle Exchange logs ...
> 
> [ snip ]
> 
> > So do you centralise your logs?  Use message tracking?  Or ...?  Is
> > there third-party (free/open?) software which you use for analysing the
> > logs?
> 
> Snare Epilog for Windows
> 
>      http://www.intersectalliance.com/projects/EpilogWindows/index.html
>      Free, open source, can send to a syslog or Snare server.
> 
> Splunk
> 
>      http://www.splunk.com/
>      Commercial, appears to be licensed per volume, provides more
>      than just log collection.
> 
> EventTracker
> 
>      http://www.prismmicrosys.com/eventTracker.php
>      Commercial, licensed per logging device, provides more than just
>      log collection.
> 
> Splunk and EventTracker look like they're firmly in the SIEM space.
> 
> Snare Epilog is more analogous to a syslog daemon for Windows, with
> built-in Exchange support.  (And it is developed in Australia!)
> 
> 
> Thanks to all who replied.  I'll try to provide an update when we're up
> and running - particularly once we've begun to analyse the logs.
> 
> Cheers
> Phil
> 
> --
> 
> Philip Webster, IT Security Engineer
> Queensland University of Technology
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
