How to deploy a free Log Server for Windows
In Italy, until the 15th of December every IT Manager or System Administrator must comply with a privacy law that forces all companies to check the activities of system and network admins every six months.
Because of this law, every IT distributor and vendor rushed to release different log products for sysadmins, and prices became very high in a short time.
But in most cases the needed software can be built from open source products, and in this article I describe what I used to accomplish my task.
I forgot one point: the server system is Windows based.
What we need:
– A Server with Win2k3
– Snare Agent for Events monitoring on client machines
– LogClarity free log server (with MSSQL Express)
– Solarwinds Kiwi Syslog Gen (for testing purposes)
The sequence of tasks is the following:
– Install MSSQL Server Express on Win2k3
– Install LogClarity on the server; the installation automatically creates the tables on MSSQL Server.
Specify the log server port as described in the manual (usually 514);
– Install Kiwi Syslog Gen on a client machine so that it sends syslog packets to the port of the log server;
– Access the web interface of the LogClarity Log Server (username and password are “syslog”) and click the “Submit” button to show the records of the packets received. If the records of the packets sent by the client machine are shown, we are ready.
– Install SNARE on every client or server that must be monitored (in my case the SNARE objectives were logon/logoff of administrator accounts);
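The test step above relies on Kiwi Syslog Gen to fire packets at port 514 and on the LogClarity web page to confirm they arrived. As an added example (my own script, not part of LogClarity, Snare or Kiwi), the following Python code does the same check without any third-party tool: it builds a BSD/RFC 3164 syslog line, sends it over UDP to the collector, and parses the PRI field back into facility and severity so you can confirm the priority you expect (for example facility auth, severity info for an administrator logon). The host name DC01, the tag "Snare" and the message text are constructed sample values; the loopback self-test binds a throwaway UDP listener so the whole thing can be verified on one machine before pointing it at the real server.

```python
import re
import socket
from datetime import datetime

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG   (day is space-padded per RFC 3164)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def build_syslog_message(facility, severity, hostname, tag, msg, timestamp=None):
    """Build one RFC 3164 line. PRI = facility * 8 + severity."""
    if not (0 <= facility < 24 and 0 <= severity < 8):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    if timestamp is None:
        now = datetime.now()
        timestamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}"


def parse_syslog_message(raw):
    """Split a raw syslog line into its fields; returns None if it is not RFC 3164 shaped."""
    m = SYSLOG_RE.match(raw)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:          # 23 * 8 + 7 is the largest legal PRI
        return None
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


def send_udp_syslog(message, host="127.0.0.1", port=514):
    """Send one syslog datagram; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(message.encode("utf-8"), (host, port))


def loopback_self_test(message, timeout=2.0):
    """Bind a throwaway UDP listener on loopback, send the message to it, parse what arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))       # port 0 = let the OS pick a free port
        listener.settimeout(timeout)
        port = listener.getsockname()[1]
        send_udp_syslog(message, "127.0.0.1", port)
        data, _ = listener.recvfrom(4096)
    return parse_syslog_message(data.decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample: an administrator logon reported by a Snare-tagged host.
    sample = build_syslog_message(4, 6, "DC01", "Snare",
                                  "Successful logon: user=Administrator type=Interactive",
                                  timestamp="Dec 10 09:15:02")
    print(sample)
    print(loopback_self_test(sample))
    # To test the real collector instead: send_udp_syslog(sample, "logserver", 514)
```

Once the loopback run prints facility "auth" and severity "info", point send_udp_syslog at the LogClarity host on the port you configured and the record should appear in the web interface exactly as the Kiwi test packets do. If it does not, check that UDP 514 is open on the Windows firewall before suspecting the collector.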
P.S. On Unix there are a lot of solutions; in my opinion the best tool combination is rsyslog + MySQL + phpLogCon.
P.P.S. Very strong commercial tools are SolarWinds Kiwi Syslog and Sawmill (which has very useful graphing utilities).