• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 459
  • Last Modified:

security log collection and consolidation

I know this question has been asked before, but I'm not sure how recent, and I couldn't find anything specifically addressing in a search.  We'd like to:
1. collect security event logs off of our Windows servers
2. consolidate those logs if possible considering that over time they can consume considerable space.

Goal is a free tool of course.  However, if none is availabe, a good tool that is REASONABLY priced would be a second best option.  We'd need to run this against 25 servers that are a mixture of Server 2003 and 2008.
0
patriots
Asked:
patriots
  • 2
2 Solutions
 
ryan80Commented:
a simple syslog server would work for this. I use rsyslog and adiscon loganalyzer on a linux box.
http://loganalyzer.adiscon.com/

Then find a tool that will send eventlogs to a syslog server, pick from here:

http://www.itbuzzer.net/corner/2008/10/how-to-send-windows-events-to-syslog.asp



That will send all the event logs to one location, a mysql database that can then be maintained as you would like.

0
 
ryan80Commented:
that is a free solution. I like Splunk a lot, but it can be a little pricey depending on how much data you have coming in. However you can use up to 500 MB of log daily for free. It has its own plugins for collecting data and is regarded as a top soltution for log collection and analysis.
0
 
dou2bleCommented:
What about a script?

If not, here is one that I've used before. It isn't free but i found it reliable and error free.
http://www.whatsupgold.com/log-management/event-archiver/index.aspx
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now