A Windows NT service on every machine sends the information (every event log section) to an ODBC-connected database
(Oracle, MS SQL Server, DB2, MySQL etc.).
I also wrote the administrative client to set up, install, modify the configuration and interrogate the database, produce reports (Crystal, HTML, PDF etc.) and also send a script, as well as a program, to modify the system from a remote location.
From: "GRILLENMEIER,GUIDO (HP-Germany,ex1)" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] security event log audits
Date: Tue, 16 Mar 2004 19:40:02 +0100
MACS (MS Audit Collector System) will do all of that for you, and likely much
more efficiently than what you'd do yourself (and more securely as well) -
it should be released soon (I think with 2003 SP1).
/Guido
_____
From: Creamer, Mark [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 16 March 2004 19:18
To: [EMAIL PROTECTED]
Subject: [ActiveDir] security event log audits
Has anyone had success putting together something home-grown to centralize
security event logs into a sql database? If so, I wanted to get some tips on
how the tables should be set up - can all events that are captured in the
security log be placed in the same table, or do different events have their
own structure and would have to go into separate tables?
Also, I'm familiar with EventCombMT and eldump - are there any other tools I
should be considering to pull the data? I'm assuming I'll need to use
something like one of those to act as the middleware between the logs and
the database.
Thanks...
Mark Creamer
Systems Engineer
Cintas Corporation
Honesty and Integrity in Everything We Do
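One way to answer Mark's table-layout question (and the design the first reply describes, a service pushing every event log record into an ODBC database), as an added example that is not code from anyone in this thread: all events share one header table, the event-specific insertion strings are kept verbatim as JSON, and a per-event-ID name map projects them into a generic name/value table so queries can still filter on the account, workstation or logon ID without a table per event type. SQLite stands in for the ODBC back end, the event records are constructed sample data, and the position-to-field maps are illustrative assumptions, not an authoritative description of the NT message templates.

```python
"""Single shared table for Windows Security event-log records (added example)."""
import json
import sqlite3

SCHEMA = """
CREATE TABLE security_events (
    id          INTEGER PRIMARY KEY,
    computer    TEXT    NOT NULL,   -- machine the record was collected from
    record_time TEXT    NOT NULL,   -- ISO-8601 UTC timestamp
    event_id    INTEGER NOT NULL,
    source      TEXT    NOT NULL,
    event_type  TEXT    NOT NULL,   -- 'Success Audit' / 'Failure Audit'
    category    TEXT,
    raw_strings TEXT    NOT NULL    -- every insertion string, as a JSON array
);
CREATE TABLE event_fields (               -- named view of the strings we understand
    event_pk INTEGER NOT NULL REFERENCES security_events(id),
    name     TEXT    NOT NULL,
    value    TEXT,
    PRIMARY KEY (event_pk, name)
);
CREATE INDEX ix_events_id_time   ON security_events(event_id, record_time);
CREATE INDEX ix_fields_name_value ON event_fields(name, value);
"""

# Illustrative (assumed) insertion-string order for a few NT logon events.
FIELD_MAPS = {
    528: ["user", "domain", "logon_id", "logon_type", "logon_process", "auth_package", "workstation"],
    529: ["user", "domain", "logon_type", "logon_process", "auth_package", "workstation"],
    538: ["user", "domain", "logon_id", "logon_type"],
}

# Constructed sample records, shaped the way a collector service might hand them over.
SAMPLE_EVENTS = [
    {"computer": "DC01", "time": "2004-03-16T18:40:06Z", "event_id": 528, "source": "Security",
     "type": "Success Audit", "category": "Logon/Logoff",
     "strings": ["jdoe", "CORP", "(0x0,0x3E7)", "2", "User32", "Negotiate", "WS42"]},
    {"computer": "DC01", "time": "2004-03-16T18:41:10Z", "event_id": 529, "source": "Security",
     "type": "Failure Audit", "category": "Logon/Logoff",
     "strings": ["admin", "CORP", "3", "NtLmSsp", "NTLM", "WS99"]},
    {"computer": "DC02", "time": "2004-03-16T18:41:12Z", "event_id": 529, "source": "Security",
     "type": "Failure Audit", "category": "Logon/Logoff",
     "strings": ["admin", "CORP", "3", "NtLmSsp", "NTLM", "WS99"]},
    {"computer": "FS01", "time": "2004-03-16T18:42:00Z", "event_id": 538, "source": "Security",
     "type": "Success Audit", "category": "Logon/Logoff",
     "strings": ["jdoe", "CORP", "(0x0,0x3E7)", "2"]},
]


def open_store(path=":memory:"):
    """Create the two-table schema in a fresh SQLite database and return the connection."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def store_event(conn, ev):
    """Insert one record into the shared table; returns its primary key.

    Strings the map does not name are still preserved in raw_strings, so an
    unknown event ID loses nothing, it just has no named fields yet.
    """
    cur = conn.execute(
        "INSERT INTO security_events (computer, record_time, event_id, source, "
        "event_type, category, raw_strings) VALUES (?, ?, ?, ?, ?, ?, ?)",
        (ev["computer"], ev["time"], ev["event_id"], ev["source"],
         ev["type"], ev.get("category"), json.dumps(ev["strings"])),
    )
    pk = cur.lastrowid
    names = FIELD_MAPS.get(ev["event_id"], [])
    conn.executemany(
        "INSERT INTO event_fields (event_pk, name, value) VALUES (?, ?, ?)",
        [(pk, name, value) for name, value in zip(names, ev["strings"])],
    )
    conn.commit()
    return pk


def load_samples(conn):
    """Store all constructed sample events; returns how many were stored."""
    return len([store_event(conn, ev) for ev in SAMPLE_EVENTS])


def failed_logons_by_account(conn):
    """Count Failure Audit logon events (529) per DOMAIN\\user across every machine.

    A cross-machine, cross-event query like this is the payoff of one shared table.
    """
    return conn.execute(
        """
        SELECT d.value || '\\' || u.value AS account, COUNT(*) AS n
        FROM security_events e
        JOIN event_fields u ON u.event_pk = e.id AND u.name = 'user'
        JOIN event_fields d ON d.event_pk = e.id AND d.name = 'domain'
        WHERE e.event_id = 529 AND e.event_type = 'Failure Audit'
        GROUP BY account ORDER BY n DESC
        """
    ).fetchall()


def logon_session(conn, logon_id):
    """Return (event_id, computer, time) for every record sharing a logon ID,
    i.e. the 528 logon and its 538 logoff, two event types in one table."""
    return conn.execute(
        """
        SELECT e.event_id, e.computer, e.record_time
        FROM security_events e
        JOIN event_fields f ON f.event_pk = e.id AND f.name = 'logon_id'
        WHERE f.value = ? ORDER BY e.record_time
        """,
        (logon_id,),
    ).fetchall()


if __name__ == "__main__":
    db = open_store()
    load_samples(db)
    print(failed_logons_by_account(db))
    print(logon_session(db, "(0x0,0x3E7)"))
```

Keeping raw_strings alongside the named fields is deliberate: the collector can ingest any event ID on day one, and the name maps can be extended later (or re-run over stored rows) without changing the table layout or re-collecting from the machines.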
List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
