AD Security Log archiving

Posted on 2012-08-28
Medium Priority
Last Modified: 2012-09-16
Could you recommend a tool that will allow me to archive AD logs, e.g. Security logs? The tool should have the following:
• Be able to run in command line mode
• Be able to be scheduled, either by itself or through Windows scheduler, to be run at least every 30 minutes
• Should be able to be passed credentials or run as a service and, from one location, be able to reach all DCs
• Be able to get to the security logs, zip the logs to minimize the size, move them to a Windows share, clear the Security logs and provide some kind of report on failure

The plan is to grab security logs from all locations, save them to a secure share, clear the security logs, then run again in the next hour or half hour.
Question by:dguandique
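One way to meet the requirements listed in the question, added here as an example and not code from the original thread: a PowerShell script, run from one management host via Task Scheduler every 30 minutes, that backs up and clears the Security log on every DC, zips the backup, copies it to a share, verifies the copy before deleting the local file, and writes a report. The share path, report path and temp path are assumed placeholders; it also assumes PowerShell remoting to the DCs, the ActiveDirectory module, and PowerShell 5 or later for Compress-Archive.

```powershell
param(
    [string]$ArchiveShare = '\\fileserver\seclog-archive$',            # assumed placeholder share
    [string]$ReportPath   = 'C:\ProgramData\SecLogArchive\report.log'  # assumed local report file
)
Import-Module ActiveDirectory
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$failed = @()

foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    $local = "C:\Windows\Temp\Security-$dc-$stamp.evtx"      # assumed temp path on the DC
    try {
        # On the DC: back up and clear in ONE wevtutil call so no event is lost between
        # export and clear, then zip the backup locally. The .evtx stays on the DC until
        # the copy to the share has been verified, so a failed transfer never loses evidence.
        $zip = Invoke-Command -ComputerName $dc -ErrorAction Stop -ArgumentList $local -ScriptBlock {
            param($bu)
            wevtutil cl Security /bu:$bu
            if ($LASTEXITCODE -ne 0) { throw "wevtutil cl Security failed (exit $LASTEXITCODE)" }
            Compress-Archive -Path $bu -DestinationPath "$bu.zip" -Force
            "$bu.zip"
        }
        $src  = "\\$dc\" + $zip.Replace(':', '$')             # admin-share path of the zip
        $dest = Join-Path $ArchiveShare (Split-Path $zip -Leaf)
        Copy-Item -Path $src -Destination $dest -ErrorAction Stop
        if ((Get-FileHash $src).Hash -ne (Get-FileHash $dest).Hash) {
            throw "hash mismatch after copy to $dest"
        }
        # Verified on the share: now remove the local backup and zip from the DC.
        Invoke-Command -ComputerName $dc -ArgumentList $local -ScriptBlock {
            param($bu); Remove-Item $bu, "$bu.zip" -ErrorAction SilentlyContinue
        }
        "$stamp OK   $dc -> $dest" | Add-Content $ReportPath
    } catch {
        $failed += $dc
        "$stamp FAIL $dc : $($_.Exception.Message)" | Add-Content $ReportPath
    }
}
# Non-zero exit lets Task Scheduler (or a monitoring check on the report file) flag failures.
if ($failed.Count -gt 0) { Write-Error "Archive failed on: $($failed -join ', ')"; exit 1 }
exit 0
```

The scheduled task should run under a dedicated account that has the Event Log Readers/administrative rights needed on the DCs and write access only to the archive share, and the share itself should be restricted so archived logs cannot be altered by the accounts whose activity they record.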
LVL 14

Expert Comment

by:Schnell Solutions
ID: 38343007
One option:

Microsoft System Center Operations Manager 2007 or 2012. AOC function

It records your security logs in real time from your DCs and saves them in a SQL database. Then you can use multiple reports or queries to extract the desired information; you can retain the information as long as you want (the SQL database size will depend on this option and the amount of data). It can be accessed through the SCOM console or directly by any web browser. It works with PowerShell, so you can administer it by commands if you want.

Accepted Solution

mo_patel earned 1500 total points
ID: 38343218
Or why don't you look at SIEM software? Some vendors offer free licences for 3-4 servers, and for any more you buy the licences.

This way it's real time, all logs are saved, and it allows you to create threads, i.e. show all logon failures, show all locked accounts, show all new users and so on.

Author Closing Comment

ID: 38404000
