[usmanbutt]

hi

i am looking for a solution that would collect security event logs from all pcs/servers of my newtork and generate various standard reports. Especially the object access auditing events. please help

[yanivfel]

Hi,

not sure if this is the right forum for this question...

anyway, you can consolidate event log messesges with MOM2005 if you have (the workgroup addition is only 400$ for 10 Servers), and microsoft is bubbling about a MACS (Microsoft Audit Collection Server) that should be out somewhere this year...

there are many Management products that do event log collection as part of their functions but i am guessing your are looking for something free that onyl collects eventlogs...

the only way i know to do it for free is to script it and centrelize the logs into a TXT or CSV file. you can check http://hacks.oreilly.com/pub/h/1110 or just google search event log scripts and you will find your way

some "cheap' software that does it your can find at:
Event Analyzer 4 - http://manageengine.adventnet.com/pr.../download.html
Snare Agent for windows - http://www.download3k.com/Security/O...r-Windows.html
Event Analyst 1.4 - http://www.download3000.com/download_493.html




all availble for free trial

[guyt]

If I am not mistaken, WhatsUp Professional is capable of collecting event logs from remote hosts, but you will still need reporting solution.

MOM2005 is far from being the best solution when dealing with security event logs - you will have to write your own MPs and SQL Reports - quite a painful experience.

There are some very nice tools from NetIQ that can collect security event logs and produce extensive reports - but those come with an impressive price tag.