I second the Splunk suggestion. You can collect events via WMI - no agents necessary. OSSEC is a great option as well, but it'll require agents and a Linux machine for managing agents.
-AK

On Tue, Jul 10, 2012 at 4:10 PM, Bigger Thomas <[email protected]> wrote:
> You can look at Splunk; depending on the size of your environment you
> can get by without agents. There is a lot of setup with Splunk and it
> can get intimidating, but I have found it to often be the best
> solution out there. There is a free download that handles 500 megs of
> logs a day and you can reach out to their sales dept for a temp
> enterprise license that will allow more.
>
> Just my two cents.
>
> Please excuse typos, I'm on my mobile
>
>
> On Jul 10, 2012, at 17:06, Brian Schultz <[email protected]> wrote:
>
>> So I recently started a new job at a small-ish hospital and was tasked with
>> setting up something that can audit security logs. It sounds and is pretty
>> vague, but this is for HIPAA compliance. I'm more of an infrastructure guy
>> and haven't had a chance to deal with security much and my only exposure is
>> really through the podcast. I have no idea what products are out there to do
>> these things. The environment here is about 99.99% Windows. I was taking a
>> look at Solarwinds Log and Event Manager which looks pretty good so far, but
>> it also requires an agent to be installed on any machines you want to
>> monitor which can be a hassle.
>>
>> Is there anything else that I should be taking a look at? GFI Events Manager
>> or some open-source solution?
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
