Tool For Bringing Together All W2K Security Events

Mark Williams

Hi,

I was wondering whether anyone could help. We are
currently running a mixed mode Windows 2000 Active
Directory. We want to be able to check the Security
event logs on domain controllers, member servers, etc.,
for any events such as logon failures, failed
file/directory accesses, etc. I know this information
can be got from the event logs but I was wondering
whether there was a solution provided by Microsoft for
gathering all these event log entries and summarizing
them in one application. Other than that, we could get
one of our developers to write an application to try and
do this.

Any help greatly appreciated.

Thanks

Mark Williams
HEFCE
 
Check this out: Microsoft MACS is in beta:

http://certcities.com/editorial/columns/story.asp?EditorialsID=171

There are some pricier solutions here:

http://www.nwfusion.com/reviews/2000/0904rev.html

I found these by searching Google; there's probably more out there:
http://www.google.com/search?q=sql-server+windows+event-log

You could try something like NTSYSLOG to spit Windows event log events to a
syslog computer, and if necessary pipe it through SSH to encrypt it across
the network. It should be possible to do so for free. If the combined logs
are sizable and you want to do queries and analysis on them, you might want
to port the log data into a SQL server or MySQL server in some way.
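
The approach suggested in the reply above (forward events to a central syslog host, then load them into a SQL database for queries), sketched as an added example that is not part of the original thread. The line layout and sample lines are constructed and are not NTSYSLOG's actual output format; SQLite stands in for SQL Server or MySQL; event IDs 529 (logon failure) and 560 (object open) are the Windows 2000 Security log IDs.

```python
import re
import sqlite3

# Constructed sample lines. The layout is an assumption for this example,
# not the real NTSYSLOG output format.
SAMPLE_LINES = [
    "Mar 03 09:14:02 DC01 security[failure] 529 Logon Failure: User Name: jsmith Domain: CORP",
    "Mar 03 09:14:09 DC01 security[failure] 529 Logon Failure: User Name: jsmith Domain: CORP",
    "Mar 03 09:15:40 FS02 security[failure] 560 Object Open: Object Name: D:\\payroll\\q1.xls",
    "Mar 03 09:16:11 DC02 security[success] 528 Successful Logon: User Name: alice",
    "Mar 03 09:17:55 DC02 security[failure] 529 Logon Failure: User Name: admin Domain: CORP",
    "truncated or malformed line",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"security\[(?P<outcome>success|failure)\] (?P<event_id>\d+) (?P<message>.*)$"
)

def load_events(lines, conn):
    """Parse forwarded lines into the events table; return how many were skipped."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS events "
        "(ts TEXT, host TEXT, outcome TEXT, event_id INTEGER, message TEXT)"
    )
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # count unparsable lines so gaps in collection are visible
            continue
        # Parameterized insert: log text is untrusted input and must not be
        # concatenated into the SQL statement.
        conn.execute(
            "INSERT INTO events VALUES (?, ?, ?, ?, ?)",
            (m["ts"], m["host"], m["outcome"], int(m["event_id"]), m["message"]),
        )
    conn.commit()
    return skipped

def failure_summary(conn):
    """Failure audits counted per host and event ID, busiest first."""
    return conn.execute(
        "SELECT host, event_id, COUNT(*) FROM events WHERE outcome = 'failure' "
        "GROUP BY host, event_id ORDER BY COUNT(*) DESC, host"
    ).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print("skipped lines:", load_events(SAMPLE_LINES, db))
    for host, event_id, count in failure_summary(db):
        print(host, event_id, count)
```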
 