?
Solved

Default config of Windows Event Logs Inadequate.  What are alternatives?

Posted on 2007-11-29
5
Medium Priority
?
246 Views
Last Modified: 2013-12-06
Greetings and Thank you for Your Help  :-)

I am the server manager.  I need to ensure the safety of my servers, and i want to easily find events that will tell what has happened over the weekend.  I want to ensure my logs will be safe no matter what (not just on another drive on the same machine, and not just backedup at midnight ---- I want them on another machine (a very secure machine) each hour or perhaps even DIRECTLY logged there.

I'm not interested in log parser, and yes, I do have auditing jacked up to log most things.  Note that I have not asked any question about FWs, IDS, or other security measures.  I'm mainly interested in logging what happens.

What are my options?  What are the pros/cons?  Can you get eventlogs to log directly to another machine?  Is there some software (turnkey) for all this?

Thanks again so very much!,
K

0
Comment
Question by:ksuchy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 8

Accepted Solution

by:
wfcraven12 earned 675 total points
ID: 20377322
you could try this.

go into regedit & find all the entries (which i think there are just two) that point to where the .Evt files are located (should be something like %systemroot\sytem32\config).  Change the path to a mapped drive to something out on the network that's secure.  definitely try it on a test machine.  i just tried it on one of mine & it seemed okay at first glance.
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 675 total points
ID: 20377926
There are two ways I favor: Use snare (intersectalliance.com) and a syslog server (kiwi or snare server). This would enable you to forward each event in realtime to another server.
The other would be to back it up using the following script: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22451747.html
0
 
LVL 19

Assisted Solution

by:CoccoBill
CoccoBill earned 150 total points
ID: 20380802
0
 
LVL 8

Expert Comment

by:wfcraven12
ID: 20381058
CoccoBill - that was already posted.  Look at first comment.
0
 
LVL 19

Expert Comment

by:CoccoBill
ID: 20381092
Yes, wfcraven12, I noticed. I just filled in the blanks in your post.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses
Course of the Month12 days, 18 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question