I wrote an article about some of the options and our own network implementation of centralized logging:
http://rr.sans.org/casestudies/mixed_win.php

Hope it helps

Fred

-----Original Message-----
From: netsec novice [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 2:57 PM
To: [EMAIL PROTECTED]
Subject: Security log consolidation

I am looking for a way to consolidate the output from the security event log from about 40+ servers. I know there are several tools out there that convert Event log messages to syslog and you are then able to use a single event log server to monitor activity. Two that I have seen are EventTracker and also Event Reporter from Adiscon. I have also seen Kiwi Syslog and Winsyslog. I'm looking to get advice from those of you out there that have done this and can lend input on what works well and what doesn't.

Thanks for your feedback.

N
