dave
2006-Jul-20 16:44 UTC
[Samba] programmatical retrieval of windows event logs from linux
Am a Linux guy and trying to support security monitoring for Windows devices. Am trying to find a programmatic way of pulling security and application logs from a Windows machine. OR it can be a push model where Windows can generate events/traps. It should all be built in to Windows with no external tool installation.

Looks like there is no NATIVE built-in asynchronous event reporting from Windows (2000/2003/XP)? It can be in terms of SNMP traps as well.

Given this, one can use Samba APIs (rpcclient) to periodically pull the event logs from Windows. Is there any better way to accomplish the same programmatically using a push or pull model to get the security and application logs on Windows from Linux?

-Dave
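One way to build the pull model the post proposes, as an added example that is not from this thread or from the Samba project: a poller that drives rpcclient from Linux, keeps a per-log bookmark (the highest record number already collected) so each pass fetches only new records, and flags the two conditions a security monitor must not silently swallow: the log having been cleared (record numbering restarts) and records having been overwritten between polls (a gap in front of the bookmark). It assumes the rpcclient eventlog subcommands `eventlog_oldestrecord`, `eventlog_numrecord` and `eventlog_readlog <log> [offset] [number_of_records]`, which appeared in Samba releases later than this 2006 thread, and that the first two print the value as a plain integer in their output; the bookmark file name and the credential string are constructed for the example.

```python
#!/usr/bin/env python3
"""Poll Windows event logs from Linux through Samba's rpcclient.

Added example for the thread above, not Samba code.  Assumptions:
 - rpcclient offers eventlog_oldestrecord, eventlog_numrecord and
   eventlog_readlog <log> [offset] [number_of_records] (later Samba 3.x+);
 - the first two print the value as an integer somewhere in their output.
"""
import json
import re
import subprocess
import sys
from pathlib import Path

STATE_FILE = Path("eventlog_bookmarks.json")   # constructed: bookmark store
LOGS = ("Security", "Application")              # the two logs the post asks about


def plan_fetch(last_seen, oldest, count):
    """Decide which records to read on this poll.

    last_seen: highest record number collected so far (0 = nothing yet).
    oldest, count: what the host reports now; record numbers run from
    oldest to oldest+count-1 and only grow unless the log is cleared.

    Returns (first, n, anomaly): read n records starting at record number
    first; anomaly is None, "cleared" or "gap".
    """
    if count == 0:
        # Empty log: if we had collected records before, it was cleared.
        return oldest, 0, ("cleared" if last_seen else None)
    newest = oldest + count - 1
    if newest < last_seen:
        # Numbering restarted below our bookmark: the log was cleared.
        # On the Security log that is itself a high-value signal.
        return oldest, count, "cleared"
    if last_seen and oldest > last_seen + 1:
        # Records between the bookmark and the oldest surviving one were
        # overwritten before we polled: poll faster or enlarge the log.
        return oldest, count, "gap"
    first = max(oldest, last_seen + 1)
    return first, newest - first + 1, None


def parse_count(output):
    """Extract the integer from a reply such as 'number of records: 42'.
    The wording is an assumption about rpcclient; only the number matters."""
    match = re.search(r"(\d+)", output)
    if not match:
        raise ValueError(f"no number in rpcclient output: {output!r}")
    return int(match.group(1))


def rpc(host, creds, command):
    """Run one rpcclient command; creds uses rpcclient's -U 'user%password'
    form.  Network call, not exercised by the offline test."""
    proc = subprocess.run(["rpcclient", "-U", creds, host, "-c", command],
                          capture_output=True, text=True, check=True, timeout=60)
    return proc.stdout


def poll(host, creds, state):
    """One pass over LOGS.  Returns [(log, anomaly, raw_records_text), ...]
    and advances the bookmarks in state (a dict: log name -> record number)."""
    results = []
    for log in LOGS:
        oldest = parse_count(rpc(host, creds, f"eventlog_oldestrecord {log}"))
        count = parse_count(rpc(host, creds, f"eventlog_numrecord {log}"))
        last_seen = state.get(log, 0)
        first, n, anomaly = plan_fetch(last_seen, oldest, count)
        text = rpc(host, creds, f"eventlog_readlog {log} {first} {n}") if n else ""
        if n:
            state[log] = first + n - 1
        elif anomaly == "cleared":
            state[log] = 0          # log is empty; start over on the next pass
        results.append((log, anomaly, text))
    return results


def main(argv):
    if len(argv) != 3:
        sys.exit("usage: poll_eventlog.py HOST 'DOMAIN\\\\user%password'")
    host, creds = argv[1], argv[2]
    state = json.loads(STATE_FILE.read_text()) if STATE_FILE.exists() else {}
    for log, anomaly, text in poll(host, creds, state):
        if anomaly:
            print(f"ALERT {host} {log} log {anomaly}", file=sys.stderr)
        sys.stdout.write(text)          # hand the records to the collector
    STATE_FILE.write_text(json.dumps(state))


if __name__ == "__main__":
    main(sys.argv)
```

Run it from cron at the polling interval the log sizes allow; a "gap" alert means the interval is longer than the time the host takes to wrap its log. A "cleared" alert on the Security log deserves its own detection rule regardless of what the fetched records contain.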
dave
2006-Jul-20 16:56 UTC
[Samba] programmatical retrieval of windows event logs from linux
I was only looking at native Windows support with no hassles of any external agent installation:

> Am a Linux guy and trying to support security monitoring for Windows devices. Am trying to find a programmatic way of pulling security and application logs from a Windows machine. OR it can be a push model where Windows can generate events/traps. It should all be built in to Windows with no external tool installation.
>
> Looks like there is no NATIVE built-in asynchronous event reporting from Windows (2000/2003/XP)? It can be in terms of SNMP traps as well.
>
> Given this, one can use Samba APIs (rpcclient) to periodically pull the event logs from Windows. Is there any better way to accomplish the same programmatically using a push or pull model to get the security and application logs on Windows from Linux?

Jeff Saxton <jeff.saxton@sensage.com> wrote:

> http://www.intersectalliance.com/projects/SnareWindows/
>
> dave wrote:
> > Am a Linux guy and trying to support security monitoring for Windows devices. Am trying to find a programmatic way of pulling security and application logs from a Windows machine. OR it can be a push model where Windows can generate events/traps. It should all be built in to Windows with no external tool installation.
> >
> > Looks like there is no NATIVE built-in asynchronous event reporting from Windows (2000/2003/XP)? It can be in terms of SNMP traps as well.
> >
> > Given this, one can use Samba APIs (rpcclient) to periodically pull the event logs from Windows. Is there any better way to accomplish the same programmatically using a push or pull model to get the security and application logs on Windows from Linux?
> >
> > -Dave
>
> --
> Jeff Saxton
> SenSage, Inc.
dave
2006-Jul-21 01:12 UTC
[Samba] programmatical retrieval of windows event logs from linux
Am a Linux guy and trying to support security monitoring for Windows devices. Am trying to find a programmatic way of pulling security and application logs from a Windows machine. OR it can be a push model where Windows can generate events/traps. It should all be built in to Windows with no external tool installation.

Looks like there is no NATIVE built-in asynchronous event reporting from Windows (2000/2003/XP)? It can be in terms of SNMP traps as well.

Given this, one can use Samba APIs (rpcclient) to periodically pull the event logs from Windows. Is there any better way to accomplish the same programmatically using a push or pull model to get the security and application logs on Windows from Linux?

-Dave