'Easy' way of reviewing user loggons against DC's

We are trying to figure out a more effective way of viewing logs. Specifically at the moment we are interested in 'filtering' the events down to who logged on to the DC locally and then what active directory users logged on to their machines ( domain environment ). So far we have tried using Snare with some filtering on but still the volume of logs just seems imense. Does anyone know of any software or any other ideas on how to achieve this>?
 The idea is to have a simple log of who logged on where at what time ( and of course myabe who tried to log on but failed) .

 Any help would be greatly appreciated
niniantechAsked:
Who is Participating?
 
Leon FesterConnect With a Mentor IT Project Change ManagerCommented:
The volume of transactions on your DC are directly proportionate to the number of  users, workstations and domain controllers that you have on your network.

You could consider something as simple as EventCombMT to search your event logs.
It's a manual process and depending on your environment, logs may already be overwritten by the time that you want to search for these events.
http://www.windowsitpro.com/article/log-files/take-advantage-of-the-eventcombmt-utility

Otherwise, 3rd party applications like Splunk, EIQ or Sentinel can be used to extract the logs for historical searches.
But expect to pay some $$$'s for these products
http://www.splunk.com/
http://www.eiqnetworks.com/
http://www.netiq.com/products/sentinel-log-manager/index.asp
0
 
niniantechAuthor Commented:
great, thanks for your suggestions.
0
 
niniantechAuthor Commented:
thanks
0
All Courses

From novice to tech pro — start learning today.