
Need NT security evt log analyzer.

Status
Not open for further replies.

Andronium

MIS
Jan 4, 2001
102
US
I'm looking for an app that can grab security logs from all of our domain controllers, analyze them, and put it into a readable form. It'd be nice to be able to make some graphs showing logins/attempted logins vs. time, or to show logins by username. Is there anything out there that can look at event logs and make customized views of them? Something along the lines of Webtrends for an NT event log is sort of what I'm looking for.

Any suggestions would be appreciated!

Andy
 
Take a look at Seagate Crystal Reports; it can do all that and more. You might need to do a bit of programming with the built-in VBA to display graphs and suchlike, but it is no more difficult than something like Excel VBA.

Chris.
 
That sounds good, but unfortunately I don't know the first thing about VBA. Is it the kind of thing that could be picked up pretty easily?
 
Depends on how much $$$ you want to spend. There is a freebie out there called DumpEvt from SomarSoft at It comes with a mini-db in Access for extracting Login Failures and raw logs. Be careful though, the DB can get VERY big VERY fast. In about a week, I had about 700MB of data in the db. When I did a compact and repair, I ended up crashing another server (the other server is dependent upon the file server to be able to run a distributed app) because the C&R took exclusive access of the disk and caused other attempted accesses to time out. SO, it would be a good idea to keep the DB on a local workstation HDD. I have since stopped caring about the other security items, just the failed logins. This has reduced the size of the db considerably.
 
I'm using ELM, nice tool, have it set up to monitor for specific events, when they occur, I get an email...

tntsoftware. It's $295/server.

Well worth the investment.

You can set up custom views in the management console.
Very versatile.

 
DOH! I forgot about ELM. Star to you David! ELM is, hands down, the best event log monitoring solution I have seen. For a single server, it's not that pricey. The customization, services you can monitor, and the alerts that it offers are excellent.
 
Thanks for the recommendations... I'll give it a look.
Andy
 