From: Pete Jacob (pjacobftmc.com)
Date: Wed Jul 04 2001 - 23:02:30 CDT

    We have an NT server running a Syslog daemon that logs Syslog and
    SNMP traps (http://www.kiwi-enterprises.com/), and on your NT servers
    load http://www.winsyslog.com/. You can set up alerts and also
    archive your events.

    Pete.

    ------------------------------------
    "Once I've dropped off their resignation form at HR (admittedly, they did
    think they were signing a company accident indemnity form) I pop back down
    to the office to clean up the complaint barrage by being slightly brutal
    with our MX records as well."
    --BOFH

    >
    > > -----Original Message-----
    > > From: th3rm05hushmail.com [mailto:th3rm05hushmail.com]
    > > Sent: 26 June 2001 15:29
    > > To: focus-mssecurityfocus.com
    > > Subject: remote logging in NT4
    > >
    > >
    > > I am trying to set up remote EVENT logging on some NT4 (SP6a if it matters)
    > > servers. We would like to have a centralized "log server" (which would
    > > also potentially double as our IDS) so that our logs can be kept remotely.
    > > This will make it more difficult to modify them in the event of a hacker
    > > being set loose on our system. I tried modifying the
    > > HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<System | Application | Security>
    > > keys to be \\LOGHOSTNAME\LOGHOSTDRIVE$\LOGHOSTDIR,
    > > but all this did was prevent the event logger from loading.
    > >
    > > I'm thinking 1 of 2 things: either a workaround for this in the registry, or
    > > perhaps having the SYSTEM (as opposed to the user at login) map the network
    > > drive as L:\ or something similar, and changing the aforementioned key to
    > > L:\LOGHOSTDIR. Problem is, I have no idea how to do either one.
    > >
    > > Does anyone have any experience (or even any off-the-cuff ideas) with this
    > > sort of thing? Any comments/suggestions would be more than welcome!
    > >
    > > th3rm05
    > > Free, encrypted, secure Web-based email at www.hushmail.com
    > >
    >
    >
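
What the forwarder-plus-collector setup in the reply does on the wire, as an added example that is not part of the thread or of either product mentioned: an NT event record is rendered as a BSD syslog (RFC 3164) line and sent over UDP to the central log host. The record field names, the type-to-severity and log-to-facility mappings, the host name `NTSRV01` and the sample record are assumptions constructed for illustration.

```python
import socket
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
# Assumed mappings (not from the thread): NT event type -> syslog severity,
# event log name -> syslog facility (4 = security/auth, 3 = daemon).
SEVERITY = {"Error": 3, "Warning": 4, "Information": 6,
            "AuditSuccess": 5, "AuditFailure": 4}
FACILITY = {"Security": 4, "System": 3, "Application": 3}
MAX_LEN = 1024  # RFC 3164 caps a syslog packet at 1024 bytes


def format_rfc3164(event, hostname):
    """Render one event record (dict with hypothetical field names) as bytes."""
    pri = FACILITY[event["log"]] * 8 + SEVERITY[event["type"]]
    t = event["time"]
    # RFC 3164 timestamp: "Mmm dd hh:mm:ss", day of month space-padded.
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.month - 1], t.day,
                                       t.hour, t.minute, t.second)
    # TAG is alphanumeric and at most 32 characters.
    tag = "".join(c for c in event["source"] if c.isalnum())[:32]
    # Collapse CR/LF/tabs: one event stays one line, so a crafted
    # description cannot inject a forged second record at the collector.
    text = " ".join(event["message"].split())
    line = "<%d>%s %s %s: EventID=%d %s" % (
        pri, stamp, hostname, tag, event["id"], text)
    return line.encode("ascii", "replace")[:MAX_LEN]


def forward(event, hostname, loghost, port=514):
    """Send the record to the central syslog daemon over UDP."""
    packet = format_rfc3164(event, hostname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(packet, (loghost, port))
    return packet


# Constructed sample record: a failed logon from the Security log.
SAMPLE = {
    "log": "Security", "type": "AuditFailure", "source": "Security",
    "id": 529, "time": datetime(2001, 7, 4, 23, 2, 30),
    "message": "Logon Failure:\r\n\tReason:\tUnknown user name or bad "
               "password\r\n\tUser Name:\tadministrator",
}

if __name__ == "__main__":
    print(format_rfc3164(SAMPLE, "NTSRV01").decode("ascii"))
```

UDP syslog is unauthenticated and best-effort, so the collector should accept port 514 only from the known servers, and gaps in the received stream are worth alerting on.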