As MadHat already suggested: for free tools I found that Snare (http://www.intersectalliance.com/projects/index.html) was the best; however, it lacks good notification features such as email or desktop alerts that inform you there is a problem. You basically need to monitor Snare's output.
EventSentry Light (http://www.eventsentry.com/downloads_eslight.php) is another free tool that will allow you to monitor one server's event logs and will send you a scheduled daily email that summarizes the events you specify in the filter. Not really good if you are looking for real-time notification.

Like everyone else has suggested, it seems like the best/most common approach to do this low-cost is to deploy a syslog server with open source tools such as http://sourceforge.net/projects/logcheck/ to monitor and send emails when a specific event is logged.

As for MS MOM, I believe this tool is more for monitoring the availability of network resources and letting you know when something is down, like Big Brother. I just got my copy of MOM and plan on deploying it on my home LAN soon.

Please let me know if you do find a free tool that will monitor the Windows event log and send out email notifications when a specific event occurs.

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Holstein
Sent: Thursday, November 17, 2005 11:50 AM
To: [email protected]
Subject: Re: [Full-disclosure] Windows 2003 Logging/Log Analysis Tool

> I'm looking for recommendations on what are the better log analysis
> software around that are capable of generating good logs for:
>
> * IIS 6.0
> * NetApp NetCache 5.x
> * Microsoft ISA RRAS
>
> Are there also log agents available for systems so that all the logs are
> contributed to a centralized log server?

My favorite way to do this is just send it via syslog to a UNIX box, then use grep/perl/whatever to post-process it. If you use syslog-ng you can put the events into MySQL, which opens some additional possibilities.

The best way to get Windows logs (event logs, text-based files, etc.) is EventReporter (www.adiscon.de). It's cheap .. $30/license I think.
Regards,

Michael Holstein CISSP GCIA
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
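An added example, not code from any poster in this thread nor from Snare or logcheck, of the low-cost approach the thread settles on: a small Python watcher that scans syslog lines forwarded from a Windows host for a list of watched Event IDs and builds an email alert. The tab-delimited line layout, host names and mail addresses below are constructed assumptions, not Snare's documented output format.

```python
import re
from email.message import EmailMessage

# Constructed sample: syslog header followed by a tab-delimited Windows event.
# The field layout (Event ID in the 5th tab field) is an assumed Snare-like form.
SAMPLE_LOG = """\
Nov 17 11:50:01 winsrv01 MSWinEventLog\t1\tSecurity\t101\tThu Nov 17 11:50:01 2005\t529\tSecurity\tSYSTEM\tUser\tFailure Audit\tWINSRV01\tLogon/Logoff\t\tLogon Failure: Reason: Unknown user name or bad password
Nov 17 11:50:02 winsrv01 MSWinEventLog\t0\tSystem\t102\tThu Nov 17 11:50:02 2005\t7036\tService Control Manager\tN/A\tN/A\tInformation\tWINSRV01\tNone\t\tThe Print Spooler service entered the running state.
Nov 17 11:50:05 winsrv01 MSWinEventLog\t1\tSecurity\t103\tThu Nov 17 11:50:05 2005\t517\tSecurity\tAdministrator\tUser\tSuccess Audit\tWINSRV01\tSystem Event\t\tThe audit log was cleared
"""

# Windows 2003 Security log Event IDs that warrant an immediate email.
WATCHED = {529: "logon failure", 517: "audit log cleared", 539: "account lockout"}

def parse_line(line):
    """Return (host, event_id, description) for a forwarded event line, else None."""
    m = re.match(r"^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+MSWinEventLog\t(.*)$", line.rstrip("\n"))
    if not m:
        return None
    fields = m.group(2).split("\t")
    if len(fields) < 6 or not fields[4].isdigit():
        return None
    return m.group(1), int(fields[4]), fields[-1]

def find_alerts(log_text, watched=WATCHED):
    """Scan log text and return the events whose ID is on the watch list."""
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[1] in watched:
            host, event_id, detail = parsed
            alerts.append({"host": host, "event_id": event_id,
                           "label": watched[event_id], "detail": detail})
    return alerts

def build_alert_email(alerts, sender="snare-watch@example.test", to="secops@example.test"):
    """Build (not send) an alert email; returns EmailMessage, or None when nothing matched."""
    if not alerts:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, to
    msg["Subject"] = f"[snare-watch] {len(alerts)} watched Windows event(s)"
    msg.set_content("\n".join(f"{a['host']}: EventID {a['event_id']} ({a['label']}): {a['detail']}"
                              for a in alerts))
    return msg

if __name__ == "__main__":
    # To deliver for real: smtplib.SMTP("localhost").send_message(msg)
    print(build_alert_email(find_alerts(SAMPLE_LOG)))
```

Point it at the syslog file the UNIX box writes (or run it from cron like logcheck) and only the watched IDs produce mail; the informational 7036 line is ignored.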
