Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Kevan Smith (KCSmithtideworks.com)
Date: Thu Jun 28 2001 - 12:15:49 CDT
While more costly than the other approaches mentioned, you'll get a
significantly enhanced event/system monitoring and response tool with NetIQ
Operations Manager (purchased by MS and being renamed Microsoft Operations
Manager 2000 as of July 1, 2001). We've got this tool in-house and
absolutely love it.
Essentially you have:
- A central server that collects, stores, and responds
to events on the agents (SQL db backend)
- Optional "consolidators" throughout the network,
acting as go-between for agents and central server
(keeps precious bandwidth utilization down)
- Agents on all monitored servers. Sends event log updates
and perfmon data to the central server every five minutes,
important events (like hardware failure notifications) immediately.
Out of the box, OM will monitor system health and track performance data for
historical and projection data, an excellent knowledge base, a powerful
notification and VBS scripting responses (restart server, lock out attacking
user, turn on emergency lighting and ring the buzzer, etc), and a powerful
framework to build on.
I believe you can take a look at the upcoming ver. from MOM at
MCSE, MCP+I, ACT, A+
From: th3rm05hushmail.com [mailto:th3rm05hushmail.com]
Sent: Tuesday, June 26, 2001 6:29 AM
Subject: remote logging in NT4
I am trying to set up remote EVENT logging on some NT4 (SP6a if it matters)
servers. We would like to have a centralized "log server" (which would
also potentially double as our IDS) so that our logs can be kept remotely.
This will make it more difficult to modify them in the event of a hacker
being set loose on our system. I tried modifying the
| Application | Security> keys to be \\LOGHOSTNAME\LOGHOSTDRIVE$\LOGHOSTDIR,
but all this did was prevent the event logger from loading.
I'm thinking 1 of 2 things: either a workaround this in the registry, or
perhaps having the SYSTEM (as opposed to the user at login) map the network
drive as L:\ or something similar, and changing the aforementioned key to
L:\LOGHOSTDIR. Problem is, I have no idea how to do either one.
Does anyone have any experience (or even any off-the-cuff ideas) with this
sort of thing? Any comments/suggestions would be more than welcome!
Free, encrypted, secure Web-based email at www.hushmail.com