• Status: Solved

EventCombMT and Logparser

Hello..

I am working on gathering failed login attempts from our DCs {2003}. The end goal would be to
- Gather failed authentication attempts from logs
- Generate a few top 10 list {of sorts}
     -Failed authentication attempts from user
     -Failed authentication attempts from host
     -More reports later
- email results

Purchasing a product {MOM/etc} really isn't an option right now so I am looking for something a bit more cost effective {read free :) }. I am leaning toward using EventCombMT & LogParser in some form. Gathering the logs with EventCombMT & emailing results is simple enough....but my experience with Logparser is a bit thin. Does anyone have any good examples of how to parse these types of logs and generate a useful report? I am open to other solutions....but I would rather it not be a try before you buy solution. Thoughts?
Asked by: fertigj
2 Solutions
 
Donald Stewart (Network Administrator) Commented:
We use GFI EventsManager which is relatively cheap
http://www.gfi.com/eventsmanager
 
and it does a great job for us
 
SimonL-UK Commented:
You could use VBScript or PowerShell to export the security logs in a filtered or unfiltered manner to a database - either SQL or MySQL.
This could be queried using Query Analyser, SQL Reporting Services, or a number of other querying utilities.
I use a combination of MOM 2005 and HP Systems Insight Manager to monitor my estate (1500+ servers and 12000+ users) which is pretty good but out of the basket, MOM 2005 does not have any security monitoring.  This requires the rules to be created for each event you want monitored which is fine but for us, we are required to keep all security logs for x years and we don't want to have to create a rule for every single security alert.  We are using the above method which works great...
If you have Windows 2008, you can set all your event logs to report to a central location i.e. SQL...

HTH
 
fertigj (Author) Commented:
More specifically... does anyone have any examples of log parser for the following entries? IE assuming the following entries are in a txt file... how could I go through and generate a report of sorts that calculates login attempts from a specific host / user


TestLogFile.txt
 
fertigj (Author) Commented:
Just tabulating the result for a given query would be very helpful
 
SimonL-UK Commented:
 
Donald Stewart (Network Administrator) Commented:
This may be of use to you
Log Parser Lizard GUI (free edition)  
http://www.lizardl.com/PageHtml.aspx?lng=2&PageId=18&PageListItemId=17 
 
fertigj (Author) Commented:
After a bit of reading I am still looking for a few pieces...but this is a good start. I will post with my final results. Thanks :)
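
The per-user and per-host tabulation asked about in this thread, as an added example that is not code posted by any participant. The attached TestLogFile.txt is not shown, so the comma-separated line layout, the sample records and the function names are assumptions; the field labels are those of the Windows Server 2003 logon-failure event description.

```python
import re
from collections import Counter

# Windows Server 2003 Security event IDs for failed logons (529-537, 539).
# Kerberos/NTLM validation events (675, 680, 681) use other fields and are not handled.
FAILED_LOGON_IDS = set(range(529, 538)) | {539}

# "Caller User Name:" also occurs in these events; the lookbehind skips it.
USER_RE = re.compile(r"(?<!Caller )User Name:\s*(.*?)\s*Domain:")
# The workstation may be empty, so stop at the next label or at end of line.
HOST_RE = re.compile(r"Workstation Name:\s*(.*?)\s*(?:Caller User Name:|$)")

# Constructed sample; assumed layout: EventID,Type,Source,Date,Account,Description
SAMPLE_LOG = """\
529,AUDIT FAILURE,Security,Mon Mar 02 08:01:11 2009,NT AUTHORITY\\SYSTEM,Logon Failure: Reason: Unknown user name or bad password User Name: jsmith Domain: CORP Logon Type: 3 Workstation Name: WKS-014 Caller User Name: - Caller Domain: -
529,AUDIT FAILURE,Security,Mon Mar 02 08:01:15 2009,NT AUTHORITY\\SYSTEM,Logon Failure: Reason: Unknown user name or bad password User Name: JSmith Domain: CORP Logon Type: 3 Workstation Name: wks-014 Caller User Name: - Caller Domain: -
529,AUDIT FAILURE,Security,Mon Mar 02 08:03:40 2009,NT AUTHORITY\\SYSTEM,Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: CORP Logon Type: 10 Workstation Name: Caller User Name: DC01$ Caller Domain: CORP
539,AUDIT FAILURE,Security,Mon Mar 02 08:05:02 2009,NT AUTHORITY\\SYSTEM,Logon Failure: Reason: Account locked out User Name: jsmith Domain: CORP Logon Type: 3 Workstation Name: WKS-022 Caller User Name: - Caller Domain: -
540,AUDIT SUCCESS,Security,Mon Mar 02 08:06:30 2009,CORP\\jsmith,Successful Network Logon: User Name: jsmith Domain: CORP Logon Type: 3 Workstation Name: WKS-014
529,AUDIT FAILURE,Security,Mon Mar 02 08:09:57 2009,NT AUTHORITY\\SYSTEM,Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: CORP Logon Type: 3 Workstation Name: SRV-WEB01
"""

def _field(regex, text, normalise):
    """Extract one labelled value; empty or missing values become '(blank)'."""
    match = regex.search(text)
    value = match.group(1) if match else ""
    return normalise(value) if value else "(blank)"

def tally_failed_logons(lines):
    """Return (failures per user, failures per source host) as Counters."""
    by_user, by_host = Counter(), Counter()
    for line in lines:
        event_id, _, rest = line.partition(",")
        if not event_id.strip().isdigit() or int(event_id) not in FAILED_LOGON_IDS:
            continue  # not a failed-logon record
        by_user[_field(USER_RE, rest, str.lower)] += 1
        by_host[_field(HOST_RE, rest, str.upper)] += 1
    return by_user, by_host

def top_n_report(counter, title, n=10):
    """Format the n most frequent entries as a plain-text table for e-mailing."""
    rows = [f"{title:<24}{'Failures':>8}"]
    rows += [f"{name:<24}{count:>8}" for name, count in counter.most_common(n)]
    return "\n".join(rows)

if __name__ == "__main__":
    users, hosts = tally_failed_logons(SAMPLE_LOG.splitlines())
    print(top_n_report(users, "User"), top_n_report(hosts, "Host"), sep="\n\n")
```

User names are lower-cased and host names upper-cased before counting so that `jsmith`/`JSmith` and `WKS-014`/`wks-014` are tallied together.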