security log collection and consolidation

Posted on 2011-10-03
Last Modified: 2012-05-12
I know this question has been asked before, but I'm not sure how recently, and I couldn't find anything specifically addressing it in a search. We'd like to:
1. Collect security event logs off of our Windows servers.
2. Consolidate those logs if possible, considering that over time they can consume considerable space.

Goal is a free tool of course. However, if none is available, a good tool that is REASONABLY priced would be a second best option. We'd need to run this against 25 servers that are a mixture of Server 2003 and 2008.
Question by:patriots
    LVL 12

    Accepted Solution

    A simple syslog server would work for this. I use rsyslog and Adiscon LogAnalyzer on a Linux box.

    Then find a tool that will send eventlogs to a syslog server, pick from here:

    That will send all the event logs to one location, a MySQL database that can then be maintained as you would like.
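
A collector-side rsyslog configuration for the setup described in this answer (syslog in, MySQL out), as an added example that is not part of the original answer. The file name, subnet, database name, account and paths are assumptions to replace with your own values.

```conf
# /etc/rsyslog.d/10-windows-events.conf  (file name is an assumption)
# Constructed example: central collector for forwarded Windows event logs.

# Spool directory used by the disk-assisted queue below (path is an assumption).
global(workDirectory="/var/spool/rsyslog")

# TCP listener: avoids the silent message loss of UDP syslog.
module(load="imtcp")
# MySQL output module (usually packaged separately as rsyslog-mysql).
module(load="ommysql")

# Remote messages get their own ruleset so they never mix with the
# collector's local logs.
input(type="imtcp" port="514" ruleset="windows_events")

ruleset(name="windows_events") {
    # Accept only the server subnet (10.0.5.0/24 is a placeholder).
    # Plain syslog is unauthenticated, so pair this with a host firewall rule.
    if ($fromhost-ip startswith "10.0.5.") then {
        # Write to the database the web front end reads. "Syslog" is an
        # assumed database name; rsyslog_writer is a hypothetical account
        # that should hold INSERT rights only; CHANGE_ME is a placeholder.
        # The queue settings buffer events to disk while MySQL is
        # unreachable instead of dropping them, and retry indefinitely.
        action(
            type="ommysql"
            server="127.0.0.1"
            db="Syslog"
            uid="rsyslog_writer"
            pwd="CHANGE_ME"
            queue.type="LinkedList"
            queue.filename="win_mysql_q"
            queue.saveOnShutdown="on"
            action.resumeRetryCount="-1"
        )
    } else {
        # Record unexpected senders for review rather than storing their data.
        action(type="omfile" file="/var/log/rsyslog-rejected-senders.log")
    }
}
```

Because the events land in a database table, the space concern from the question can be handled with a scheduled delete of rows older than the retention period.
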

    LVL 12

    Expert Comment

    That is a free solution. I like Splunk a lot, but it can be a little pricey depending on how much data you have coming in. However you can use up to 500 MB of log daily for free. It has its own plugins for collecting data and is regarded as a top solution for log collection and analysis.
    LVL 1

    Assisted Solution

    What about a script?

    If not, here is one that I've used before. It isn't free but I found it reliable and error free.
