Friday, 21 May 2010

The easy way to get Windows event log messages sent to a syslog server - for free

If you are trying to engineer your own solution to meet the requirements of a security standard like PCI DSS or GCSx Co Co (the GCSx Code of Connection, required for any organisation needing access to the UK Government Secure Extranet), you may be scratching your head wondering how best to get event log messages off your Windows and Unix/Linux servers and onto a central syslog server. Here's how to do it for free - read on.

Well, the Unix and Linux servers are relatively straightforward. Every syslog daemon (classic syslogd, rsyslog, syslog-ng) reads a configuration file - typically /etc/syslog.conf or /etc/rsyslog.conf - and you add a forwarding rule there that names the address of your syslog server; the daemon then relays matching messages to it. Job done... sort of. Bear in mind that traditional syslog forwarding is UDP port 514: the messages travel in clear text, are not authenticated and are not acknowledged, so nothing tells you when events are being dropped on the way to the collector.

For instance, PCI DSS compliance requires you to go further than simply gathering syslog messages: you also need a means of tracking file integrity, and a way of gathering custom logs from your key applications and databases - more on this subject in a future blog...

Windows servers present a different challenge. Windows has no native syslog forwarder: events land in the Windows Event Log, and the built-in remote monitoring hooks are oriented towards SNMP traps for performance monitoring rather than syslog forwarding of security events. NNT have been developing solutions to make every aspect of 'compliance' simpler and less expensive than it has been in the past. If you haven't already seen our Log Tracker solution you should! It is proving useful both for organisations new to compliance and for those that have been around the block with products that are either expensive to maintain in terms of licence and maintenance fees, or too basic and under-powered to cope with their environment. Log Tracker delivers the best of both options - powerful and comprehensive enough to cope easily with large-scale Windows and Unix estates, but priced sensibly for the budget of most organisations that need it.

How does Log Tracker handle Windows events? Simple - we have a powerful agent that deploys directly to the Windows server. If you don't have much time, just run the installer, give it the address of the syslog server and you're done. If you want to be more selective about which logs you monitor - custom application logs, for instance - there are a range of filtering options.
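For readers who want to see what the Windows side involves before reaching for an agent, here is a do-it-yourself version of the same job, added as an example and not code from the original post or from NNT's Log Tracker agent: a PowerShell script that reads new records from an event log and ships them to a syslog collector as RFC 3164 (BSD syslog) messages over UDP port 514. The collector address 192.0.2.10, the checkpoint file under ProgramData, the syslog facility number and the mapping from Windows event levels to syslog severities are assumptions made for illustration.

```powershell
# Added example, not from the original post and not NNT's Log Tracker agent:
# forward new Windows event log records to a syslog collector as RFC 3164
# (BSD syslog) messages over UDP port 514. Intended to run from a scheduled
# task under an account that can read the chosen log (the Security log needs
# administrative rights or membership of the Event Log Readers group).
# The collector address, checkpoint path, facility and severity mapping are
# assumptions for illustration.
param(
    [string]$SyslogServer = '192.0.2.10',   # assumed collector (TEST-NET-1 address)
    [int]$SyslogPort      = 514,
    [string]$LogName      = 'Security',
    [string]$Checkpoint   = '',             # defaults to %ProgramData%\syslog-fwd\<log>.last
    [int]$FirstRunMinutes = 15              # look-back window when no checkpoint exists
)

$inv = [System.Globalization.CultureInfo]::InvariantCulture
if (-not $Checkpoint) {
    $Checkpoint = Join-Path $env:ProgramData "syslog-fwd\$LogName.last"   # assumed path
}

# RFC 3164 PRI = facility * 8 + severity. Facility 13 (log audit) is assumed;
# severity comes from the Windows level. Audit Success/Failure records in the
# Security log report level "Information", so they map to severity 6.
$Facility = 13
function Get-SyslogSeverity([string]$LevelDisplayName) {
    switch ($LevelDisplayName) {
        'Critical' { 2 }
        'Error'    { 3 }
        'Warning'  { 4 }
        default    { 6 }
    }
}

# Build one RFC 3164 datagram: "<PRI>MMM dd HH:mm:ss HOST TAG: MSG".
# The day is space-padded, the Windows message is collapsed to a single line,
# and the datagram is capped at 1024 bytes, the size collectors must accept.
function ConvertTo-SyslogDatagram {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $pri  = ($Facility * 8) + (Get-SyslogSeverity $Event.LevelDisplayName)
    $t    = $Event.TimeCreated
    $ts   = '{0} {1,2} {2}' -f $t.ToString('MMM', $inv), $t.Day, $t.ToString('HH:mm:ss', $inv)
    $node = $env:COMPUTERNAME.ToLower()
    $tag  = $LogName -replace '[^A-Za-z0-9_.-]', '-'    # keep the TAG field syslog-safe
    $body = (([string]$Event.Message -replace '\r?\n', ' ') -replace '\s+', ' ').Trim()
    $line = "<$pri>$ts $node $tag[$($Event.Id)]: EventID=$($Event.Id) RecordId=$($Event.RecordId) Provider=$($Event.ProviderName) $body"
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($line)
    if ($bytes.Length -gt 1024) { $bytes = [byte[]]$bytes[0..1023] }
    return $bytes
}

# Resume from the last record id already forwarded, so a scheduled run neither
# repeats nor skips records. On the first run, take only the recent window.
$last = 0
if (Test-Path $Checkpoint) { $last = [int64]((Get-Content $Checkpoint -Raw).Trim()) }
$query = if ($last -gt 0) {
    "*[System[EventRecordID > $last]]"
} else {
    "*[System[TimeCreated[timediff(@SystemTime) <= $($FirstRunMinutes * 60000)]]]"
}
$events = @(Get-WinEvent -LogName $LogName -FilterXPath $query -Oldest -ErrorAction SilentlyContinue)

$udp = New-Object System.Net.Sockets.UdpClient
$udp.Connect($SyslogServer, $SyslogPort)
$sent = 0
try {
    foreach ($e in $events) {
        $datagram = ConvertTo-SyslogDatagram $e
        [void]$udp.Send($datagram, $datagram.Length)
        $last = $e.RecordId
        $sent++
    }
} finally {
    $udp.Close()
    # Persist the checkpoint even if sending failed part-way, so the next run
    # continues from the last record actually handed to the socket.
    if ($last -gt 0) {
        New-Item -ItemType Directory -Force -Path (Split-Path $Checkpoint) | Out-Null
        Set-Content -Path $Checkpoint -Value $last
    }
}
Write-Host "Forwarded $sent record(s) from '$LogName' to ${SyslogServer}:$SyslogPort"
```

Schedule it every few minutes and it behaves like a minimal forwarding agent: the checkpoint file stops a rerun from replaying records the collector has already seen, and the XPath filter means only new records are read rather than the whole log each time. The same caveat as on the Unix side applies: UDP syslog is unencrypted and unacknowledged, so for a genuine compliance estate you would either point it at a collector on a trusted management network or swap the UdpClient for a TLS transport (RFC 5425), and you would still need the filtering, custom-log and file-integrity pieces the post goes on to describe.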

So how do you get it for free? Just follow this link and help yourself - and let me know how you get on with it.
