Is there a way to forward Windows Server event logs to Security Onion?


val...@gmail.com

Feb 3, 2015, 7:15:25 PM2/3/15
to securit...@googlegroups.com
I need to collect and retain Windows Server event logs. Is there a way to forward the logs to Security Onion and then parse with one of the Onion tools as needed?

Thanks!

Doug Burks

Feb 3, 2015, 7:20:04 PM2/3/15
to securit...@googlegroups.com
Hi Valicon,

One option would be to install the OSSEC agent on your Windows server and then point it at your Security Onion box. This will give you:
Log collection 
Log analysis
File integrity checking
Rootkit detection



--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
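As an added example (not from this thread and not Security Onion's or OSSEC's own shipped config), here is a minimal ossec.conf for the OSSEC agent on the Windows server, doing what Doug describes: point the agent at the Security Onion box and have it collect the event logs, with the file-integrity and rootkit checks enabled as well. The server address 192.0.2.10 and the agent install path are assumptions; substitute your own.

```xml
<!--
  Added example, not from the thread. Edit the agent's own ossec.conf
  (assumed path: C:\Program Files (x86)\ossec-agent\ossec.conf) and
  restart the OSSEC agent service afterwards.
-->
<ossec_config>
  <client>
    <!-- Assumed address of the Security Onion box, which runs the
         OSSEC server and listens on udp/1514 for agents. -->
    <server-ip>192.0.2.10</server-ip>
  </client>

  <!-- Log collection: read the Windows event channels directly
       (eventchannel works on Vista/2008 and later; older hosts use
       log_format "eventlog"). -->
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
  </localfile>
  <localfile>
    <location>System</location>
    <log_format>eventchannel</log_format>
  </localfile>
  <localfile>
    <location>Application</location>
    <log_format>eventchannel</log_format>
  </localfile>

  <!-- File integrity checking: hash and re-check these paths every
       two hours; add your own application directories as needed. -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">%WINDIR%/System32</directories>
  </syscheck>

  <!-- Rootkit detection using the policy files shipped in the agent's
       shared directory. -->
  <rootcheck>
    <windows_audit>./shared/win_audit_rcl.txt</windows_audit>
    <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
    <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
  </rootcheck>
</ossec_config>
```

To enrol the agent: on the Security Onion box run `sudo /var/ossec/bin/manage_agents`, add the agent with its hostname and IP, then extract its key; on the Windows side import that key with the agent's Manage Agent tool and start the service; then restart the server side with `sudo service ossec-hids-server restart` and make sure udp/1514 from the Windows server is allowed through the Security Onion host firewall. One caveat for the "collect and retain" requirement: by default the OSSEC server only keeps events that fire a rule, so to keep every forwarded event set `<logall>yes</logall>` inside `<global>` in the server's /var/ossec/etc/ossec.conf; the raw events then land in /var/ossec/logs/archives/, which you can ship into whatever search tool your Security Onion build provides.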

Michał Purzyński

Feb 3, 2015, 7:27:50 PM2/3/15
to securit...@googlegroups.com
You could also use nxlog for log forwarding. We do it here with great success. Will not give you any kind of analysis, just forwarding.

val...@gmail.com

Feb 3, 2015, 7:28:18 PM2/3/15
to securit...@googlegroups.com
Thanks Doug! Is the OSSEC agent a "safe" application? Any known security issues with it?

Doug Burks

Feb 3, 2015, 7:33:55 PM2/3/15
to securit...@googlegroups.com
I'm not aware of any known security issues with the OSSEC agent.

val...@gmail.com

Feb 3, 2015, 7:38:33 PM2/3/15
to securit...@googlegroups.com
Awesome thanks. Is there any documentation on the SO blog for this?

Doug Burks

Feb 3, 2015, 7:41:35 PM2/3/15
to securit...@googlegroups.com

Lee Sharp

Feb 4, 2015, 12:13:59 AM2/4/15
to securit...@googlegroups.com
On 02/03/2015 06:15 PM, val...@gmail.com wrote:
> I need to collect and retain Windows Server event logs. Is there a way to forward the logs to Security Onion and then parse with one of the Onion tools as needed?

You can also use eventlog-to-syslog to do the same thing: https://code.google.com/p/eventlog-to-syslog/ If you are using syslog a lot, it may be better than the OSSEC agent, but essentially they do the same thing.

Lee

Andrea De Pasquale

Feb 4, 2015, 9:16:21 AM2/4/15
to securit...@googlegroups.com
For the sake of completeness, another option is using Snare/Epilog to send logs & events to a remote syslog:

http://sourceforge.net/projects/snare/files/

Regards,
-- Andrea