Automatic backup of event logs

Posted on 2005-04-13
Last Modified: 2013-12-04
I need to retain event logs from our server for a certain amount of time to meet regulations.  How can I specify that the log file be saved with a unique name or appended to an existing file once it reaches a specific size on the server?  I don't want it to overwrite the older logs.

Question by:maharlika
Accepted Solution

by: Rich Rumble (earned 400 total points)
ID: 13775912
A backup solution can do what you ask, by backing up differences between the files. However, with this situation, event logs just append when they reach a certain size, as you are probably aware. Some incremental backups will allow you to append the new entries to the files without erasing the entries that may no longer be there.
-rich

Assisted Solution

by:Phil_Agcaoili
Phil_Agcaoili earned 400 total points
ID: 13776267
The other route is to send Windows Event Logs to a Syslog server.  

Once on the Syslog server you can save them on the disk or burn them to a DVDR for future use.

Try these solutions:
http://www.edoceo.com/creo/winlogd/
http://www.loganalysis.org/sections/syslog/windows-to-syslog/
http://ntsyslog.sourceforge.net/

With this method, you can set size limits on your log file, append, or edit the files as needed; it's a very configurable option.

Expert Comment

by:Rich Rumble
ID: 13777735
One note on an "incremental backup" file for event logs: there is a 300 MB limit to the event log reader. That's a lot of logs... I do think saving them each day to individual files is probably best; that is the case with syslog or Snare servers. You can compress and password-protect backed-up event logs; most backup utilities use compression for saving old files. Snare is more of an alerting/monitoring mechanism for suspicious behaviour.
http://www.intersectalliance.com/projects/SnareWindows/
-rich
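An added example, not part of the original thread and not written by its participants: on Windows Vista / Server 2008 and later, the built-in "archive the log when full" setting saves the log under a unique name when it reaches its size limit instead of overwriting, and a scheduled PowerShell script can then move those archives to long-term storage. The archive directory, size limit and manifest file name below are assumptions.

```powershell
# Added example, not from the thread. Assumptions: Windows Vista / Server 2008 or
# later (wevtutil.exe, .evtx logs in the default log directory), PowerShell 4+
# (Get-FileHash), elevated session. D:\EventLogArchive, the 128 MB limit and
# manifest.sha256 are hypothetical values.
param(
    [string]$LogName    = 'Security',
    [string]$ArchiveDir = 'D:\EventLogArchive',
    [long]$MaxBytes     = 128MB
)
$ErrorActionPreference = 'Stop'

# 1. When the log reaches $MaxBytes, Windows saves it as
#    Archive-<log>-<timestamp>.evtx and starts a new file instead of overwriting.
#    /ab:true (autoBackup) requires /rt:true (retention).
& wevtutil.exe sl $LogName "/ms:$MaxBytes" /rt:true /ab:true
if ($LASTEXITCODE -ne 0) { throw "wevtutil sl failed with exit code $LASTEXITCODE" }

# 2. Sweep finished archives off the system volume into long-term storage.
$logDir   = Join-Path $env:SystemRoot 'System32\winevt\Logs'
$manifest = Join-Path $ArchiveDir 'manifest.sha256'
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

foreach ($file in Get-ChildItem -Path $logDir -Filter "Archive-$LogName-*.evtx") {
    $dest = Join-Path $ArchiveDir ("{0}_{1}" -f $env:COMPUTERNAME, $file.Name)
    if (Test-Path $dest) {
        Write-Warning "Skipping, already archived: $dest"   # never overwrite
        continue
    }

    $srcHash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    Copy-Item -Path $file.FullName -Destination $dest
    $dstHash = (Get-FileHash -Path $dest -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) {
        Remove-Item -Path $dest
        throw "Hash mismatch copying $($file.Name); source left in place"
    }

    # Record the hash so later modification of the archive is detectable.
    Add-Content -Path $manifest -Value ("{0}  {1}" -f $dstHash, (Split-Path $dest -Leaf))
    Remove-Item -Path $file.FullName   # free space only after a verified copy
}
```

Run it from a scheduled task, and keep the manifest somewhere the server's own administrators cannot rewrite it if the hashes are meant to serve as evidence of integrity.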
