Event Log Management Solution for Sarbanes-Oxley

Posted on 2004-10-29
Last Modified: 2013-12-03
I am the coordinator of the Sarbanes-Oxley audit in my company, and I am looking for an event log management solution to keep track of all my Windows log files and Unix syslog. I found that most of the event management software available in the market is Windows-centric, and I was able to find one that covers both, which is "Event Tracker from Prism Microsystem". My question is: is any other product available in the market that can serve both Windows and Unix?
Question by: belim

Expert Comment

ID: 12449600
We use Dorian which is WinCentric but is very good too.

I have heard very good things about Kiwi (http://www.kiwisyslog.com/); I'd take a look at them.

Event Log Manager (ELM) is another product that I'm not very familiar with. It seems like when I was researching, it lacked features, but that's been a while & I could be remembering wrong so you could take a look.

Another consideration would be to put a syslog daemon on your winders machines and then use your *nix syslog and reporting mechanisms. The only caveat I have there is that I think you would still need to archive your Windows logs in .evt. If you ever needed to prosecute somebody, the reformatted messages may not be admissible as evidence in court. It should be fine for general audit types of purposes though.

The last caveat I have is that I once had a syslog-like utility (Kane Secure Enterprise) and it would suck the logs off the machines in realtime. So if somebody was trying to figure out a problem, they could be trying to look at the error logs locally and they would instead see them scrolling off the screen. Then we'd have to go to the KSE monitor and sort through logs to find what we wanted. So anyway, just be careful because as important as logs are to you in your mission, they can be equally important to others in theirs.

Good Luck!
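The caveat above about keeping the original .evt files alongside the syslog copies, as an added example that is not part of the original comment: the script copies exported .evt files unchanged into an archive and records a SHA-256 hash for each, so a later check can show whether an archived file still matches what was collected. The directory layout, the `manifest.json` name and the function names are assumptions made for this illustration.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name for the hash record


def sha256_file(path):
    """Hash a file in chunks so large logs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def archive_logs(src_dir, archive_dir):
    """Copy every *.evt file byte-for-byte into archive_dir and record its hash."""
    src, dst = Path(src_dir), Path(archive_dir)
    dst.mkdir(parents=True, exist_ok=True)
    manifest_path = dst / MANIFEST
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    for evt in sorted(src.glob("*.evt")):
        digest = sha256_file(evt)
        name = f"{digest[:16]}_{evt.name}"  # hash prefix keeps older exports from being overwritten
        if name in manifest:
            continue  # identical file already archived
        shutil.copy2(evt, dst / name)
        if sha256_file(dst / name) != digest:
            raise IOError(f"archived copy of {evt} does not match the source")
        manifest[name] = {
            "sha256": digest,
            "source": str(evt),
            "archived_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        }
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_archive(archive_dir):
    """Return the archived file names that are missing or no longer match their hash."""
    dst = Path(archive_dir)
    manifest = json.loads((dst / MANIFEST).read_text())
    return sorted(
        name for name, entry in manifest.items()
        if not (dst / name).is_file() or sha256_file(dst / name) != entry["sha256"]
    )
```

A manifest stored next to the files can be altered along with them, so keep a copy of it on separate, write-restricted storage.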


Author Comment

ID: 12449852
I am looking for an enterprise solution. KiwiSyslog is too simple; I am looking for something that can fulfill 4 processes: Collect, Store or Archive, Analyse, and Report.

Accepted Solution

shahrial earned 600 total points
ID: 12450326
> My question is any other product available in the market that can serve both Windows and Unix?
Not that I know of, but you can customise. Below are some links to resources.

syslog Client Configs for Windows/Non-UNIX

Logging via Syslog

Hope it's useful...;-)

Expert Comment

ID: 12450333
Here's another article which may be useful for you.

How to Monitor Windows NT from Unix
