Solved

Server Configuration Change Tracking

Posted on 2004-03-29
12
228 Views
Last Modified: 2013-12-04
Looking for a software solution that will automatically track changes on a server(s).  It needs to monitor the following (or at least the large portion of the following):
 · Operating System Upgrades
 · Operating System Patches
 · Addition/Deletion of Applications
 · Application Upgrades
 · Changes in Trust Relationships
 · Non-routine virus signature upgrades in response to specific threat (i.e., Nimda virus)
 · Policy Changes
 · Global user right changes - i.e., removing Authenticated Users from Access this computer from the network.
 · High level share changes - i.e., removing Authenticated Users from a certain share

Currently researching www.cirba.com, but they seem to be proud of their product ($$$).  Cost is certainly an issue, as this software will need to monitor ~15 servers (whether independently, or together).  

Currently, we are using a good ol' Excel file to keep track of changes, using the old hand-and-keyboard method.  This is becoming more and more difficult as we continue to add servers.  

Any suggestions/thoughts/comments are welcome.  
0
Comment
Question by:dgooding
  • 7
  • 3
  • 2
12 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10704477
This one is free - Auditing af eventlog is part of windows

Enable and Apply Security Auditing in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;300549

HOWTO: Enabling Local Auditing Policies on Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;252412

HOW TO: Enable and Apply Security Auditing in Windows 2000 Server and Windows 2000 Professional:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300549&sd=tech

EMCO EventLog Audit collects the eventlog from the computers on the LAN, to a database
http://www.1000files.com/Utilities/Network/EMCO_EventLog_Audit_6132_Review.html

Cybersafe Centrax Log Analyst Named Essential Microsoft Windows 2000 Security Utility
http://www.cybersafe.com/centrax/cla1.html

Event Log View EVT - analysis tool for rapid search through 64 archived logs
http://www.engagent.com/products/productsinfo.asp?product=event+log+view+evt

Proactively Monitor, Alert and Recover critical applications, servers and infrastructure equipment
http://www.ipmonitor.com/

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10704492
If you want to script it yourself, use the builtin windows scripting host (free).

Start here..

The Script Center categorizes the best sample scripts designed to run on Windows 2000
http://www.microsoft.com/technet/community/scriptcenter/default.mspx
0
 
LVL 2

Author Comment

by:dgooding
ID: 10706322
I didn't think the event log would contain information about application installs, changes in trust relationships, virus signature upgrades, and changing of user rights.  

I suppose writing a custom script may catch these things, but the idea here is that I don't want to write it, if I don't have to.  Cost may be an issue, but it doesn't have to be free.

Those software solutions you mentioned (as far as I can tell) just monitor the event log (which brings us back to the first statement above.)
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10706644
Here's something to start with...

InCtrl5 is the fifth incarnation of one of PC Magazine's most popular utilities. By monitoring the changes made to your system when you install new software
http://www.pcmag.com/article2/0,1759,73039,00.asp
0
 
LVL 8

Assisted Solution

by:smeek
smeek earned 50 total points
ID: 10714369
I use AuditWizard more for workstation tracking, but it keeps up with apps and versions.  It won't do the manage trust relationships, AD or domain related stuff.  You can modify it to look for certain files (like an .exe or virus update if you know the file name).

Steve
0
 
LVL 8

Expert Comment

by:smeek
ID: 10714391
There is also a free system inspection utility called AIDA32 that is available at http://www.aida32.hu/aida32.php.  The price is better, but not as automated as AuditWizard.

Steve
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 2

Author Comment

by:dgooding
ID: 10714686
I may be looking at a solution that involves more than one piece.  So, even though these aren't *exactly* what I'm looking for, I may be able to piece together a solution from the suggestions I'm given.

I've been discussing with a co-worker what the event log will handle.  Turns out, most everything but user/share changes (virus signature logs are kept by the antivirus software, which can be audited).  I think the tricky part here is going to find something that audits user/share changes.

In addition, the solution need not have a GUI (it can be just a data harvester).  If it can write to a SQL database that's fine too (a web-frontend can be written with little trouble).  (From the sound of that, I guess I'm advocating scripts, but a GUI would certainly be nice.)

I'm going to keep this thread open till the end of the week.  Keep the ideas coming.  Thanks for all your help so far.   :)
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10716879
Sentry II enables you to manage and monitor your Windows NT/2000/XP/2003 event logs.
http://www.engagent.com/products/productsinfo.asp?product=Event+Log+Sentry
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 200 total points
ID: 10716895
Event Log View-Server (ELViS) is an enterprise level event log management tool. ELViS has the ability to store events in a central database and send  notification without the presence of an agent
http://www.engagent.com/products/productsinfo.asp?product=ELVIS
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10716917
File Audit ™ makes it possible to actually use the Windows NT/2000/XP file and directory audit function. No longer is it necessary to laboriously decipher thousands of lines of event logs
http://www.engagent.com/products/productsinfo.asp?product=FileAudit
0
 
LVL 2

Author Comment

by:dgooding
ID: 10741175
Some good suggestions.  Though none "hit the nail on the head", at least the decision will be easier to make.  Thanks especially to trywaredk for your seemingly endless supply of links.  :)
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10743969
:o) Glad I could help you - thank you for the points
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now