SecurityPortal: Ask Buffy – ports; log search tools, DNS – UDP or TCP
From SecurityPortal: Ask Buffy – ports; log search tools, DNS – UDP or TCP [via Linux Today]:
Log Tool
We have all these NT 4.0 logs, but is there a tool that can help sift
through the information and present it with meaning? With regard to security,
I just want to get to the information that I need. I need to get to this
information quickly. Do you have any suggestions?

Kevin M Moker
This is a subject for which there is a ton of information available.
There is an excellent FAQ available at: http://www.heysoft.de/nt/eventlog/faq.htm
And an entire book on the subject available from O’Reilly:
http://www.oreilly.com/catalog/winlog/
As for actual products that will monitor your log files and respond to
events, there are several dozen solutions; for example:
http://www.sql-server-performance.com/event_log_monitor.asp
http://www.ipsentry.com/dlfiles/addins/ipsevmon.htm
You can also export NT event logs, using a variety of products, to UNIX
syslog machines and use your favorite syslog monitoring tool.

Buffy (buffy@securityportal.com)
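As an added illustration of the last suggestion (this is not code from the column or from any of the products it links), here is a small Python sifter that runs over NT 4.0 Security-log events after they have been forwarded to a UNIX syslog host. The line layout, the forwarder tag `nteventlog:` and the host and user names are all constructed for the example; a real forwarder writes its own format, so the regular expression is the part you would adapt. The event IDs are the NT 4.0 Security-log ones (528 successful logon, 529 logon failure, 517 audit log cleared, 612 audit policy changed). The script pulls out exactly the security-relevant facts the question asks for: accounts hammered with failed logons, a success that follows such a burst, and anyone clearing the audit log or changing audit policy.

```python
"""Sift syslog-forwarded NT 4.0 Security-log lines for the events that matter.

Added example, not part of the original column. The line format below is an
assumption about what an NT-to-syslog forwarder emits; adjust LINE_RE to match
whatever your forwarder actually writes.
"""
import re
from collections import Counter

# NT 4.0 Security-log event IDs used here.
EVENT_NAMES = {
    528: "successful logon",
    529: "logon failure (unknown user name or bad password)",
    517: "audit log cleared",
    612: "audit policy changed",
}
HIGH_SEVERITY = {517, 612}   # tampering with the audit trail itself

# Assumed forwarder layout: "<syslog ts> <host> nteventlog: <log> <id> Audit <Success|Failure>: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"nteventlog: (?P<log>\w+) (?P<eid>\d+) Audit (?P<outcome>Success|Failure): "
    r"(?P<msg>.*)$"
)
USER_RE = re.compile(r"User Name:\s*(\S+)")
WS_RE = re.compile(r"Workstation(?: Name)?:\s*(\S+)")

# Constructed sample input: one host, one brute-force burst, one audit-log clear,
# one non-NT line that the parser must ignore.
SAMPLE_LINES = """\
Mar  3 10:01:02 ntpdc1 nteventlog: Security 528 Audit Success: Successful Logon: User Name: alice Domain: CORP Logon Type: 2 Workstation Name: WS01
Mar  3 10:01:09 ntpdc1 nteventlog: Security 529 Audit Failure: Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: CORP Workstation Name: WS17
Mar  3 10:01:11 ntpdc1 nteventlog: Security 529 Audit Failure: Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: CORP Workstation Name: WS17
Mar  3 10:01:14 ntpdc1 nteventlog: Security 529 Audit Failure: Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: CORP Workstation Name: WS17
Mar  3 10:01:20 ntpdc1 nteventlog: Security 528 Audit Success: Successful Logon: User Name: Administrator Domain: CORP Logon Type: 2 Workstation Name: WS17
Mar  3 10:02:00 ntpdc1 nteventlog: Security 517 Audit Success: The audit log was cleared Primary User Name: Administrator
Mar  3 10:02:30 ntpdc1 nteventlog: Security 529 Audit Failure: Logon Failure: Reason: Unknown user name or bad password User Name: bob Domain: CORP Workstation Name: WS02
Mar  3 10:02:45 ntpdc1 sshd[412]: Accepted password for root from 10.0.0.5 port 1022
Mar  3 10:03:10 ntpdc1 nteventlog: Security 612 Audit Success: Audit Policy Change: New Policy: Success Failure Changed By: User Name: Administrator
"""


def parse_line(line):
    """Return a dict for an NT security event line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["eid"] = int(ev["eid"])
    um = USER_RE.search(ev["msg"])
    wm = WS_RE.search(ev["msg"])
    ev["user"] = um.group(1).lower() if um else None   # NT names are case-insensitive
    ev["workstation"] = wm.group(1).upper() if wm else None
    return ev


def sift(lines, failure_threshold=3):
    """Walk the lines in order and keep only the security-relevant findings."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    running = Counter()          # failed logons per (user, workstation)
    suspects = set()             # pairs that reached the threshold
    success_after_burst = []     # a 528 for a pair that was already suspect
    high_severity = []           # 517 / 612 events, always worth a look
    for e in events:
        key = (e["user"], e["workstation"])
        if e["eid"] == 529:
            running[key] += 1
            if running[key] >= failure_threshold:
                suspects.add(key)
        elif e["eid"] == 528 and running[key] >= failure_threshold:
            success_after_burst.append((e["ts"], e["host"]) + key)
        if e["eid"] in HIGH_SEVERITY:
            high_severity.append((e["ts"], e["host"], e["eid"], EVENT_NAMES[e["eid"]]))
    return {
        "parsed": len(events),
        "failed_logons": running,
        "suspects": suspects,
        "success_after_burst": success_after_burst,
        "high_severity": high_severity,
    }


def report(summary):
    """Render the findings as short lines of text."""
    out = [f"{summary['parsed']} NT security events parsed"]
    for user, ws in sorted(summary["suspects"]):
        out.append(f"BRUTE-FORCE? {summary['failed_logons'][(user, ws)]} failed logons for {user} from {ws}")
    for ts, host, user, ws in summary["success_after_burst"]:
        out.append(f"SUCCESS AFTER FAILURES {ts} {host}: {user} from {ws}")
    for ts, host, eid, name in summary["high_severity"]:
        out.append(f"HIGH {ts} {host}: event {eid} {name}")
    return out


if __name__ == "__main__":
    print("\n".join(report(sift(SAMPLE_LINES.splitlines()))))
```

Feed real forwarded logs with `sift(open("/var/log/nt-security").read().splitlines())`; the threshold and the ordering-aware "success after a burst" check are the two places where a plain grep falls short.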