Centralized Logging

[dave2korg]

Hey all,

I tried browsing through some sections but couldn't really find anything that would see fit better than this section for this question.

In regards to PCI compliance my company has asked me to setup a centralized logging server that will fetch syslogs from our PIX firewall, SQL database logs, AD changes, and events on Windows Server 2003 and XP machines.

After trying a few programs and finding them to be complete lackluster or not completing even the simplest of tasks (ELM Log from TNT Software performed somewhat acceptable), I have run out of options. Can anyone here reccomend a good centralized logging option? These are the requirements:

Should run on a windows based platform, workstation or server does not matter.
Should pull logs from devices rather than have to setup scritping on each device to push logs to the workstation.
Support for PIX Syslogs, and Microsoft based logs required, SNMP, and support for other devices such as switches and data storage NAS not required.

If I've posted this in the wrong section, please point me in the right direction. Thanks for reading this!

David

David McKissic
A+, Net+, i-net+, CCNA, CNE, CNA

 

[brianinms]

Get a Cisco MARS appliance and be done with it. Why would you trust your security event logs to software running on Windows?

 

[LawnBoy]

There are syslog servers available for winx, but I don't think they pull.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 

[jhaith]

If you are looking for centralized logging that will pull data from various devices you can do this with a single Windows machine but you will lack real-time event monitoring and the overhead is considerably more. Check out

http://www.windowsecurity.com/software/Event-Log-Monitoring/

for a list of some products.

-jhaith