We are trying to figure out a more effective way of viewing logs. Specifically at the moment we are interested in 'filtering' the events down to who logged on to the DC locally and then what active directory users logged on to their machines ( domain environment ). So far we have tried using Snare with some filtering on but still the volume of logs just seems imense. Does anyone know of any software or any other ideas on how to achieve this>?
The idea is to have a simple log of who logged on where at what time ( and of course myabe who tried to log on but failed) .
Any help would be greatly appreciated