- Event Logs viewer
- Posted by Al on May 4th, 2005
Hi All,
Are you aware of any products that scan the event logs (security,
application, and other event logs) and produce usable reports? I need
reports that I can run in a date range and search for particular things. For
example, I want to see who logged in during non-business hours over the past
2 weeks, or when did USER ID xyz log in during the last month. I may want to
see who attempted to login and it failed, or who attempted to access
someone's email and it failed.
The program should prompt me for date ranges, and what I am looking for. Do
you know of any good products?
Manually Viewing the Microsoft Event logs is not that fun.
Thanks,
Al
- Posted by DavidPostill on May 4th, 2005
In article <82cee.12647$J12.1883@newssvr14.news.prodigy.com>, on Wed, 04 May 2005 22:30:28 GMT, Al
wrote:
| Hi All,
| Are you aware of any products that scan the event logs (security,
| application, and other event logs) and produce usable reports? I need
| reports that I can run in a date range and search for particular things. For
| example, I want to see who logged in during non-business hours over the past
| 2 weeks, or when did USER ID xyz log in during the last month. I may want to
| see who attempted to login and it failed, or who attempted to access
| someone's email and it failed.
| The program should prompt me for date ranges, and what I am looking for. Do
| you know of any good products?
http://www.somarsoft.com/somarsoft_main.htm#DumpEvt will dump events into a file.
Then you can use grep or awk or perl ...
--
DavidPostill
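David's "dump the events, then grep/awk/perl" approach worked through as an added Python example (not code from the thread). It assumes a constructed tab-separated dump format of timestamp, event ID and account, which is not DumpEvt's real column layout, and uses the classic NT/2000/2003 Security log event IDs 528 and 540 (logon succeeded) and 529 (unknown user name or bad password) to answer Al's three questions: after-hours logons, a given user's logons, and failed logons within a date range.

```python
"""Filter a text dump of the Windows Security log for logon activity.

Assumed dump format (constructed for this example, one event per line):
    YYYY-MM-DD HH:MM:SS <TAB> EventID <TAB> Account
Real DumpEvt output is laid out differently; adapt parse_line() to it.
"""
from datetime import datetime, time, date

# Classic (pre-Vista) Security log event IDs.
LOGON_OK = {528, 540}     # interactive / network logon succeeded
LOGON_FAILED = {529}      # unknown user name or bad password

# Constructed sample dump covering a weekday range in April/May 2005.
SAMPLE_DUMP = """\
2005-04-25 08:15:02\t528\tal
2005-04-25 23:41:10\t540\txyz
2005-04-26 02:03:55\t529\txyz
2005-04-26 02:04:12\t529\txyz
2005-04-27 09:30:00\t528\tjdoe
2005-05-03 19:05:44\t528\tadmin
"""

def parse_line(line):
    ts, eid, account = line.rstrip("\n").split("\t")
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid), account.lower()

def parse_dump(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def in_range(events, start, end):
    """Events whose calendar date falls within [start, end] inclusive."""
    return [e for e in events if start <= e[0].date() <= end]

def after_hours_logons(events, start, end, open_at=time(8), close_at=time(18)):
    """Successful logons on weekends or outside open_at..close_at."""
    out = []
    for ts, eid, account in in_range(events, start, end):
        if eid not in LOGON_OK:
            continue
        if ts.weekday() >= 5 or not (open_at <= ts.time() < close_at):
            out.append((ts, account))
    return out

def failed_logons(events, start, end, account=None):
    """Failed logons in range, optionally restricted to one account."""
    return [(ts, acct) for ts, eid, acct in in_range(events, start, end)
            if eid in LOGON_FAILED and (account is None or acct == account.lower())]

def logons_for(events, start, end, account):
    """When a given account logged on successfully within the range."""
    return [(ts, eid) for ts, eid, acct in in_range(events, start, end)
            if eid in LOGON_OK and acct == account.lower()]
```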
- Posted by Christoph Dommermuth on May 5th, 2005
Hi Al,
go to www.gfisoftware.com
chris
Al wrote:
- Posted by Winged on May 5th, 2005
Al wrote:
You can have it alert you automatically based on events and other
criteria, and it produces a number of high-level charts right out of the
box; charting can be customized to meet. I prefer to get alerted as
an event happens (depending on the event). This can allow me to log in and
watch activity and thwart the connection in real time if required.
Net forensics is a very nice (and pricey) solution for firewall review,
which allows you to create a number of dynamic reports and allows you to
store/retrieve communication history for 90 days, as long as you have
enough storage (I believe we use a 5 TB SAN for the recorder with several
data collection servers). It can be cross-linked to various other
devices such as IDS and tripwire devices. It has remarkable flexibility
for specialized reports and has other high-level report features out of
the box. You can set triggers to engage full logging (headers + data)
for specific connections, connection ranges, or events, or set IDS
triggers (RealSecure) to engage full logging of activity. It can
also log your NIDS and other sensors. Full logging is useful if you must
open various sessions for inspection. It can also integrate NetIQ
information.
I have never found many tools for reviewing logs ever make the task fun.
But Net forensics comes close if you wanna watch bad guys in action.
It also has alarm capabilities for defined events. If you script well,
you can make some basic charts, but if you are briefing you are better off
migrating data to a graphics package. If you are looking for charting
events on specific servers or clients, NetIQ isn't a bad solution as long
as you aren't wanting to monitor a large number of boxes.
There is a product called Event Tracker that looks interesting, but I
have never touched the actual product. They have a working demo with
time expiry that might be what you're looking for:
http://www.eventlogmanager.com/
Winged
- Posted by Jim on May 5th, 2005
Al wrote...
http://www.sysinternals.com/ntw2k/fr...sloglist.shtml
[alt.certification.mcse removed]
- Posted by Covelight on May 5th, 2005
On Wed, 04 May 2005 22:30:28 +0000, Al wrote:
Al,
If you are interested in this kind of information for your web
applications then you might find Covelight Percept to be extremely useful.
Though not log based, Percept will allow you to see the kind of things you
are asking for in real-time or in a report.
-------------------------------------------------------------
Covelight Systems
Protecting the privacy, integrity and confidentiality of your
critical web-enabled information.
http://www.covelight.com
-------------------------------------------------------------