'Easy' way of reviewing user loggons against DC's

We are trying to figure out a more effective way of viewing logs. Specifically at the moment we are interested in 'filtering' the events down to who logged on to the DC locally and then what active directory users logged on to their machines ( domain environment ). So far we have tried using Snare with some filtering on but still the volume of logs just seems imense. Does anyone know of any software or any other ideas on how to achieve this>?
 The idea is to have a simple log of who logged on where at what time ( and of course myabe who tried to log on but failed) .

 Any help would be greatly appreciated
niniantechAsked:
Who is Participating?
 
Leon FesterSenior Solutions ArchitectCommented:
The volume of transactions on your DC are directly proportionate to the number of  users, workstations and domain controllers that you have on your network.

You could consider something as simple as EventCombMT to search your event logs.
It's a manual process and depending on your environment, logs may already be overwritten by the time that you want to search for these events.
http://www.windowsitpro.com/article/log-files/take-advantage-of-the-eventcombmt-utility

Otherwise, 3rd party applications like Splunk, EIQ or Sentinel can be used to extract the logs for historical searches.
But expect to pay some $$$'s for these products
http://www.splunk.com/
http://www.eiqnetworks.com/
http://www.netiq.com/products/sentinel-log-manager/index.asp
0
 
niniantechAuthor Commented:
great, thanks for your suggestions.
0
 
niniantechAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.