[Discuss] Log management options?

Scott Ehrlich srehrlich at gmail.com
Sat Mar 17 10:31:48 EDT 2012


On Sat, Mar 17, 2012 at 1:40 AM, Scott Ehrlich <srehrlich at gmail.com> wrote:
> I'm looking for log management options for a network of Windows and
> Linux hosts on an isolated network.
>
> I need tcp communication (vs udp) to ensure messages successfully get
> passed from client to log server.
>
> Encryption of the message, too, between client and server would be
> great. TCP alone would just provide plain-text.
>
> I've been in touch with Intersect Alliance, and they've been extremely
> helpful with a myriad of questions I've posed, but I just learned that
> their server product requires its own Linux OS, provided by them. A
> bit of a bummer.
>
> Solarwinds, owner of Kiwi, won't return my emails.
>
> Corner Bowl is Windows-centric.
>
> Envision is just way too expensive.
>
> What other products are out there?
>
> Thanks.
>
> Scott

Someone asked me what my goal was -

I want to have a central location (database/file on a server) where
successful and failed login attempts, objects accessed, system events
such as discs inserted and data copied, are stored, machine powered
up/down, media added/removed (usb devices, etc) along with machine
name/ip and user, and an easy way to sort by user, date, time, status
(success/failure), etc, for a given period of time, that period
defined by the auditor.

All events in the central database should mirror the events stored on
the respective local machine they are sent from - thus the log server
would have just a copy of what the local machine has.

The above should be for both Linux and Windows systems.

Thanks.

Scott


