Solved

Monitoring security event logs

Posted on 2013-05-13
Last Modified: 2013-05-29
I need to be able to monitor the security logs for a bunch of computers in a workgroup. I want to be able to pull all of the successful and failed logons from all of the computers and put them into a nice report.

Does anyone know a cheap program that would be able to do this?
Question by:smartsystemsinc
Accepted Solution

by:
btan earned 1200 total points
ID: 39164593
Cheap means slightly more "work and ingenuity" for integration; maybe (2) is better? Otherwise, with $$, see (4).

(1) Very manual and needs customisation - use PsLogList to access all the logon success and failure event-log information from the command line. Include all the relevant event IDs in the PsLogList command, such as "psloglist \\DC1 -s -i <eventid> security". Use and customise "findfailedlogon.cmd", which, for each DC that the script specifies, parses the output of the PsLogList command against that server and combines it into one output file in CSV format - associate with Excel. With CSV you can probably find any reporting tool to generate a "nice" report...
@ http://windowsitpro.com/systems-management/gather-failed-logon-attempts

(2) Free reporting/collection, but it needs effort and "much" reading to set up (worth it as it expands to other coverage in future) - use the Windows Security Operations Center Splunk application, which uses Windows Event Log logs (mainly Security logs) to display everything. The process is to collect the Windows event logs on a Universal Forwarder installed on a Windows host, then use WMI to collect the event logs of all other Windows systems in the domain (local workgroup).

@ http://splunk-base.splunk.com/apps/24435/windows-security-operations-center
Steps involved and doc to check
@ http://docs.splunk.com/Documentation/WindowsApp/latest/User/AbouttheSplunkAppforWindows
@ http://docs.splunk.com/Documentation/WindowsApp/5.0/User/HowtodeploytheSplunkAppforWindows

Getting the relevant ID
 @ http://www.ultimatewindowssecurity.com/securitylog/quickref/default.aspx

Some $$ involved

(3) NetWrix Logon Reporter - too bad the freeware removed the reporting aspects; maybe try the trial to test-drive what it captures.
@ http://www.netwrix.com/logon_auditing.html

(4) PA Power Admin - Check out the list of logon success and failure event IDs (1st link) that can be tracked by creating an Event Log monitor. The monitor (2nd link) supports running reports on all of the matching events that have happened. You can filter the reported events on event source, type, date range, etc.
@ http://www.poweradmin.com/help/SM_5_0/howto_audit_logins.aspx
@ http://www.poweradmin.com/help/SM_5_0/Monitor_Event_Log.aspx
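
The per-machine collection into one CSV described in option (1), as an added example that is not part of the original answer and uses the built-in Get-WinEvent cmdlet in place of PsLogList and findfailedlogon.cmd. Event IDs 4624 (logon success) and 4625 (logon failure) apply to Windows Vista/Server 2008 and later; the host names, output path, 7-day window and the premise that the targets allow remote event log access with the supplied account are assumptions.

```powershell
# Added example: gather successful (4624) and failed (4625) logons from
# several workgroup machines into one CSV report.
$computers = 'PC01', 'PC02', 'PC03'      # hypothetical host names
$cred      = Get-Credential               # account with rights to read the Security log on the targets
$since     = (Get-Date).AddDays(-7)       # assumed reporting window
$outFile   = '.\logon-report.csv'         # assumed output path

$filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since }

$report = foreach ($computer in $computers) {
    try {
        $events = Get-WinEvent -ComputerName $computer -Credential $cred `
                               -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Host unreachable, access denied, or no matching events: note it and move on
        Write-Warning "${computer}: $($_.Exception.Message)"
        continue
    }

    foreach ($e in $events) {
        # Read EventData fields by name; their positions differ between 4624 and 4625
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Computer  = $computer
            Time      = $e.TimeCreated
            Result    = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
            Account   = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            LogonType = $data.LogonType
            SourceIP  = $data.IpAddress
        }
    }
}

# One combined file for Excel or any reporting tool
$report | Sort-Object Time | Export-Csv -Path $outFile -NoTypeInformation

# Quick count per machine and outcome
$report | Group-Object Computer, Result | Select-Object Name, Count | Format-Table -AutoSize
```

Machines that cannot be reached are reported as warnings rather than silently skipped, so gaps in the report are visible.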

Author Closing Comment

by:smartsystemsinc
ID: 39204987
Wow, thanks for your reply. I have found other options, but I will definitely look into these.