AD Security Log archiving

Posted on 2012-08-28
Last Modified: 2012-09-16
Could you recommend a tool that will allow me to archive AD logs, e.g. Security logs? The tool should have the following:
• Be able to run in command-line mode
• Be able to be scheduled, either by itself or through the Windows scheduler, to be run at least every 30 minutes
• Should be able to be passed credentials or run as a service, and from one location be able to reach all DCs
• Be able to get to the Security logs, zip the logs to minimize the size, move them to a Windows share, clear the Security logs and provide some kind of report on failure

The plan is to grab the Security logs from all locations, save them to a secure share, clear the Security logs, then run again in the next hour or half hour.
Question by: dguandique
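The procedure the question describes (export each DC's Security log, zip it to a share, clear the log, report failures), written out as an added PowerShell example that is not from the question or any of the answers. It assumes PowerShell 5.1 on the collector, WinRM reachable on the DCs, a scheduled-task account holding the "Manage auditing and security log" right on each DC, and placeholder DC names, share path and report path; the live log is cleared only after the archive on the share has been verified.

```powershell
param(
    [string[]]$DCs    = @('DC01', 'DC02'),                     # placeholder DC names
    [string]  $Share  = '\\LOGARCHIVE\SecLogs$',               # placeholder archive share
    [string]  $Report = '\\LOGARCHIVE\SecLogs$\archive-report.log'
)
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$staging = Join-Path $env:TEMP "seclog-$stamp"
New-Item -ItemType Directory -Path $staging -Force | Out-Null

$results = foreach ($dc in $DCs) {
    $session = $null
    try {
        $session = New-PSSession -ComputerName $dc -ErrorAction Stop
        # Export on the DC itself (wevtutil /r: would write the file on the remote side anyway).
        $remoteEvtx = Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            $f = Join-Path $env:TEMP "Security-$env:COMPUTERNAME-$using:stamp.evtx"
            & wevtutil.exe epl Security $f
            if ($LASTEXITCODE -ne 0) { throw "wevtutil epl exited $LASTEXITCODE" }
            $f
        }
        $localEvtx = Join-Path $staging "Security-$dc-$stamp.evtx"
        Copy-Item -FromSession $session -Path $remoteEvtx -Destination $localEvtx -ErrorAction Stop
        $zip = Join-Path $Share "Security-$dc-$stamp.zip"
        Compress-Archive -Path $localEvtx -DestinationPath $zip -ErrorAction Stop
        # Clear the live log only once the archive on the share is present and non-empty;
        # a failed copy must never cost you the events.
        if (-not (Test-Path $zip) -or (Get-Item $zip).Length -eq 0) {
            throw "archive $zip missing or empty; Security log left intact"
        }
        Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            Remove-Item $using:remoteEvtx -Force
            & wevtutil.exe cl Security
            if ($LASTEXITCODE -ne 0) { throw "wevtutil cl exited $LASTEXITCODE" }
        }
        "$stamp $dc OK $zip"
    } catch {
        "$stamp $dc FAILED $($_.Exception.Message)"
    } finally {
        if ($session) { Remove-PSSession $session }
    }
}
Remove-Item $staging -Recurse -Force -ErrorAction SilentlyContinue
$results | Add-Content -Path $Report        # one line per DC per run, appended to the report
$failed = @($results | Where-Object { $_ -match ' FAILED ' })
$failed | ForEach-Object { Write-Warning $_ }
# Non-zero exit code lets Task Scheduler or your monitoring flag a failed run.
exit $failed.Count
```

Register it with Task Scheduler under the service account (e.g. `schtasks /create /sc minute /mo 30 ...` pointing at this script) to get the half-hourly cadence the question asks for. Note that clearing the log writes an event 1102 ("The audit log was cleared") on each DC, so expect one per run in the archived copies.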
LVL 13

Expert Comment

One option:

Microsoft System Center Operations Manager 2007 or 2012, AOC function.

It records your security logs in real time from your DCs and saves them in a SQL database. Then you can use multiple reports or queries to extract the desired information; you can retain the information as long as you want (the SQL database size will depend on this option and the amount of data). It can be accessed through the SCOM console or directly by any web browser. It works with PowerShell, so you can administer it by commands if you want.
LVL 6

Accepted Solution

Or why don't you look at SIEM software? Some vendors offer free licences for 3-4 servers, and for any more you buy the licences.

This way it's real time, all logs are saved, and it allows you to create threads, i.e. show all logon failures, show all locked accounts, show all new users and so on.
