• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272
  • Last Modified:

'Easy' way of reviewing user loggons against DC's

We are trying to figure out a more effective way of viewing logs. Specifically at the moment we are interested in 'filtering' the events down to who logged on to the DC locally and then what active directory users logged on to their machines ( domain environment ). So far we have tried using Snare with some filtering on but still the volume of logs just seems imense. Does anyone know of any software or any other ideas on how to achieve this>?
 The idea is to have a simple log of who logged on where at what time ( and of course myabe who tried to log on but failed) .

 Any help would be greatly appreciated
0
niniantech
Asked:
niniantech
  • 2
1 Solution
 
Leon FesterSenior Solutions ArchitectCommented:
The volume of transactions on your DC are directly proportionate to the number of  users, workstations and domain controllers that you have on your network.

You could consider something as simple as EventCombMT to search your event logs.
It's a manual process and depending on your environment, logs may already be overwritten by the time that you want to search for these events.
http://www.windowsitpro.com/article/log-files/take-advantage-of-the-eventcombmt-utility

Otherwise, 3rd party applications like Splunk, EIQ or Sentinel can be used to extract the logs for historical searches.
But expect to pay some $$$'s for these products
http://www.splunk.com/
http://www.eiqnetworks.com/
http://www.netiq.com/products/sentinel-log-manager/index.asp
0
 
niniantechAuthor Commented:
great, thanks for your suggestions.
0
 
niniantechAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now