Quoting "Troy.A Johnson" <troy.johnson at health.state.mn.us>: > Greetings TCLUG People! > > Since there are many intelligent and security minded > folks here, and the instructions involve a Linux syslog > server, I thought I would ask you what you think of this > little page I wrote up: > > http://troy.jdmz.net/syslogwin/ > > ...and, I wondered how any syslog wizards here deal > with the logs after they have accumulated. I have lots > of valuable information, just no great way of reporting > it yet. :-/ > > Have a great day, > > Troy > I have fooled around with doing Windows logging using Snare, http://www.intersectalliance.com/projects/SnareWindows/index.html. It is interesting, but I really need to spend more time with understanding windows events in order to get something valuable out of the data. It seems like Windows is willing to give you lots of information, but trying to parse it in a sane fashion is non-trivial. Good site for gathering enough logging information to make your head spin, http://www.loganalysis.org. Josh