OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Pete Jacob (pjacobftmc.com)
Date: Thu Jul 05 2001 - 15:15:02 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    shoot,
    I mean http://www.eventreporter.com/ for the client NT workstations and
    Servers,
    and http://www.kiwi-enterprises.com/ for the syslog/snmp server,
    I manage 20 NT servers, many SCO, Linux, AS400, Vax's, and man various Cisco
    routers this way... both these products really rock and they are shareware.
    Pete.

    ------------------------------------
    "Once I've dropped off their resignation form at HR (admittedly, they did
    think they were signing a company accident indemnity form) I pop back down
    to the office to clean up the complaint barrage by being slightly brutal
    with our MX records as well."
    --BOFH

    > -----Original Message-----
    > From: Pete Jacob [mailto:pjacobftmc.com]
    > Sent: Thursday, July 05, 2001 12:03 AM
    > To: focus-mssecurityfocus.com
    > Subject: RE: remote logging in NT4
    >
    >
    > We have a NT server running
    > a Syslog Daemon, that logs Syslog and SNMP traps,
    > http://www.kiwi-enterprises.com/
    > and on your NT servers load http://www.winsyslog.com/
    > you can setup alerts, and also archive your events.
    >
    > Pete.
    >
    > ------------------------------------
    > "Once I've dropped off their resignation form at HR (admittedly, they did
    > think they were signing a company accident indemnity form) I pop back down
    > to the office to clean up the complaint barrage by being slightly brutal
    > with our MX records as well."
    > --BOFH
    >
    > >
    > > > -----Original Message-----
    > > > From: th3rm05hushmail.com [mailto:th3rm05hushmail.com]
    > > > Sent: den 26 juni 2001 15:29
    > > > To: focus-mssecurityfocus.com
    > > > Subject: remote logging in NT4
    > > >
    > > >
    > > > I am trying to set up remote EVENT logging on some NT4 (SP6a
    > > > if it matters)
    > > > servers. We would like to have a centralized "log server"
    > > > (which would
    > > > also potentially double as our IDS) so that our logs can be
    > > > kept remotely.
    > > > This will make it more difficult to modify them in the event
    > > > of a hacker
    > > > being set loose on our system. I tried modifying the
    > > > HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<System
    > > > | Application | Security> keys to be
    > > > \\LOGHOSTNAME\LOGHOSTDRIVE$\LOGHOSTDIR,
    > > > but all this did was prevent the event logger from loading.
    > > >
    > > > I'm thinking 1 of 2 things: either a workaround this in the
    > > > registry, or
    > > > perhaps having the SYSTEM (as opposed to the user at login)
    > > > map the network
    > > > drive as L:\ or something similar, and changing the
    > > > aforementioned key to
    > > > L:\LOGHOSTDIR. Problem is, I have no idea how to do either one.
    > > >
    > > > Does anyone have any experience (or even any off-the-cuff
    > > > ideas) with this
    > > > sort of thing? Any comments/suggestions would be more than welcome!
    > > >
    > > > th3rm05
    > > > Free, encrypted, secure Web-based email at www.hushmail.com
    > > >
    > >
    > >
    >
    >