AD Security Log archiving

Could you recommend a tool that will allow me to archive AD logs, e.g. Security Logs? The tool should have the following:
• Be able to run in command line mode
• Be able to be scheduled, either by itself or through Windows scheduler, to be run say at least every 30 minutes
• Should be able to be passed credentials or run as a service and, at one location, be able to reach all DCs
• Be able to get to the security logs, zip the logs to minimize the size, move it to a Windows Share, clear the Security logs and provide some kinda report on failure

The plan is to grab security logs from all locations, save them to a secure share, clear the security logs, then run again in the next hour or half hour.
dguandique Asked:
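
The archive-and-clear cycle listed in the question, sketched in PowerShell as an added example that is not part of the original thread. The share path, the staging directory on each DC, the availability of the ActiveDirectory module and the rights of the scheduled-task account are all assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example: back up, clear, zip and move the Security log of every DC.
# Assumed: run from Task Scheduler under an account allowed to manage the
# Security log on all DCs and to write to the share below.

$Share    = '\\fileserver\seclogs'   # hypothetical secured share
$Staging  = 'C:\Windows\Temp'        # assumed staging directory on each DC
$Stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$Failures = @()

foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    try {
        $evtx = "Security-$Stamp.evtx"

        # "cl /bu" backs the log up and clears it in one operation, so no
        # events are lost between a separate export and a later clear.
        # With /r the backup path is resolved on the remote DC.
        & wevtutil.exe cl Security "/bu:$Staging\$evtx" "/r:$dc"
        if ($LASTEXITCODE -ne 0) { throw "wevtutil exit code $LASTEXITCODE" }

        # Reach the same file through the DC's administrative share.
        $remote = "\\$dc\C`$\Windows\Temp\$evtx"
        $target = "$Share\$dc"
        New-Item -ItemType Directory -Path $target -Force | Out-Null

        # Zip straight onto the share, then remove the staged copy.
        Compress-Archive -Path $remote `
            -DestinationPath "$target\Security-$Stamp.zip" -ErrorAction Stop
        Remove-Item -Path $remote -ErrorAction Stop
    }
    catch {
        $Failures += "$Stamp $dc : $($_.Exception.Message)"
    }
}

if ($Failures.Count -gt 0) {
    # Failure report: append to a file on the share and return a non-zero
    # exit code so the scheduled task shows as failed.
    $Failures | Add-Content -Path "$Share\archive-failures.log"
    exit 1
}
```

Each clear writes event 1102 ("The audit log was cleared") to the Security log, so a 30-minute schedule produces that event routinely on every DC and any alerting on 1102 has to account for the archiving account.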
mo_patel Commented:
or why don't you look at SIEM software, some vendors offer free licenses for 3-4 servers and any more you buy the licenses.

this way it's real time, all logs are saved and it allows you to create threads i.e. show all logon failures, show all locked accounts, show all new users and so on.
 
Schnell Solutions, Systems Infrastructure Engineer, Commented:
One option:

Microsoft System Center Operations Manager 2007 or 2012. AOC function

It records your security logs in real time from your DCs and saves them in a SQL Database. Then you can use multiple reports or queries to extract the desired information, and you can retain the information as long as you want (the SQL database size will depend on this option and the amount of data). It can be accessed through the SCOM console or directly by any web browser. It works with PowerShell, so you can administer it by commands if you want.
 
dguandique (Author) Commented:
Thanks
Question has a verified solution.
