• Status: Solved
  • Priority: Medium
  • Security: Public

EventCombMT and Logparser

Hello..

I am working on gathering failed login attempts from our DCs {2003}. The end goal would be to
- Gather failed authentication attempts from logs
- Generate a few top 10 lists {of sorts}
     -Failed authentication attempts from user
     -Failed authentication attempts from host
     -More reports later
- email results

Purchasing a product {MOM/etc} really isn't an option right now so I am looking for something a bit more cost effective {read free :) } I am leaning toward using EventCombMT & LogParser in some form. Gathering the logs with EventCombMT & emailing results is simple enough....but my experience with Logparser is a bit thin. Does anyone have any good examples of how to parse these types of logs and generate a useful report? I am open to other solutions....but I would rather it not be a try before you buy solution. Thoughts?
Asked by: fertigj

Don (Network Administrator) Commented:
We use GFI EventsManager which is relatively cheap
http://www.gfi.com/eventsmanager
 
and it does a great job for us
 
SimonL-UK Commented:
You could use VBScript or PowerShell to export the security logs in a filtered or unfiltered manner to a database - either SQL or MySQL.
This could be queried using Query Analyser, SQL Reporting Services, or a number of other querying utilities.
I use a combination of MOM 2005 and HP Systems Insight Manager to monitor my estate (1500+ servers and 12000+ users) which is pretty good but out of the basket, MOM 2005 does not have any security monitoring.  This requires the rules to be created for each event you want monitored which is fine but for us, we are required to keep all security logs for x years and we don't want to have to create a rule for every single security alert.  We are using the above method which works great...
If you have Windows 2008, you can set all your event logs to report to a central location i.e. SQL...

HTH
 
fertigj (Author) Commented:
More specifically... does anyone have any examples of Log Parser for the following entries? I.e., assuming the following entries are in a txt file... how could I go through and generate a report of sorts that calculates login attempts from a specific host / user


TestLogFile.txt
fertigj (Author) Commented:
Just tabulating the result for a given query would be very helpful
 
SimonL-UK Commented:
 
Don (Network Administrator) Commented:
This may be of use to you
Log Parser Lizard GUI (free edition)  
http://www.lizardl.com/PageHtml.aspx?lng=2&PageId=18&PageListItemId=17 
 
fertigj (Author) Commented:
After a bit of reading I am still looking for a few pieces...but this is a good start.   I will post with my final results.   Thanks :)
Question has a verified solution.
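
An added example, not part of the original thread and not any poster's code: Log Parser queries that produce the two top 10 lists asked about above (failed logons per user and per host). It assumes Log Parser 2.2 reading the Security event log directly through the EVT input format rather than an EventCombMT text export, Windows Server 2003 event ID 529, and that the user name, domain and workstation name are insertion strings 1, 2 and 6 of that event; the file and server names are hypothetical.

```sql
-- Added example. Log Parser runs one query per invocation: save each query
-- to its own file (file names here are hypothetical) and run, for example:
--   LogParser file:top-users.sql -i:EVT -o:NAT
-- FROM Security reads the local Security log. To read a domain controller
-- remotely, use FROM \\DC01\Security (DC01 is a hypothetical name).
-- Assumption: event ID 529 insertion strings are, in order, User Name,
-- Domain, Logon Type, Logon Process, Authentication Package, Workstation
-- Name. Check one of your own events before trusting the token positions.

-- Query 1 (top-users.sql): top 10 accounts by failed logon count
SELECT TOP 10
    EXTRACT_TOKEN(Strings, 0, '|') AS UserName,
    EXTRACT_TOKEN(Strings, 1, '|') AS Domain,
    COUNT(*) AS FailedLogons
FROM Security
WHERE EventID = 529
GROUP BY UserName, Domain
ORDER BY FailedLogons DESC

-- Query 2 (top-hosts.sql): top 10 source workstations by failed logon count
SELECT TOP 10
    EXTRACT_TOKEN(Strings, 5, '|') AS Workstation,
    COUNT(*) AS FailedLogons
FROM Security
WHERE EventID = 529
GROUP BY Workstation
ORDER BY FailedLogons DESC
```

Other failure event IDs that your domain controllers log can be added to the WHERE clause, but each event ID has its own insertion-string layout, so the token positions must be set per event.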
