Consolidating Event Monitoring

One of my clients already has an SNMP server and network-wide monitoring. Their problem is that they recently had a Conficker malware attack. A lot of this registered on the Microsoft domain servers as invalid login attempts.

These failed login attempts did not show up in their syslogs, so my task was to find a way to move the Windows event logs over to the syslog server. It had to be easy to use and install, and preferably free.
Thankfully, the nice guys from Purdue University had one! It is called evtsys (Eventlog to Syslog); this is the link: https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

Sure enough, I just downloaded the software, extracted it into winnt\system32 and ran the install command from the command line. Then I went over to Services and started the service!

That was it! Cool! My thanks to the guys who wrote this evtsys software!
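Getting the events onto the syslog server is only half the job; the point of the exercise was to see the Conficker-style failed logons that the network monitoring missed. Two checks worth doing before trusting the feed: the domain controllers must actually be auditing logon failures (the "Audit logon events: Failure" policy), or there is nothing for evtsys to forward, and the service needs the syslog host given at install time (to my knowledge the tool is installed with `evtsys -i -h <syslog-host>` and started with `net start evtsys`; that command line is my recollection of the tool's README, not something stated in the post above, so verify it against the download). The script below is an added example, not part of the original post or of the evtsys project. It parses constructed syslog lines in the one-line `Source: EventID: AUDIT_FAILURE message` shape that evtsys-style forwarders produce (the exact field layout is an assumption), keeps only failed-logon event IDs (529-539 on Windows 2003, 4625 on 2008 and later), and flags any workstation or address that racks up a burst of failures against many different accounts within a minute, which is what a worm brute-forcing passwords over the network looks like on a domain controller.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not real captures). They approximate the shape of
# Security events as forwarded by evtsys and written by a syslog daemon: timestamp,
# forwarding host, source log, event ID, audit type, then the event text on one line.
# The exact layout is an assumption for this example.
SAMPLE_SYSLOG = """\
Jan 22 10:15:01 dc01 Security: 528: AUDIT_SUCCESS Successful Logon: User Name: jsmith Domain: CORP Logon Type: 3 Workstation Name: WS-012
Jan 22 10:15:03 dc01 Security: 529: AUDIT_FAILURE Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: CORP Logon Type: 3 Workstation Name: WS-104
Jan 22 10:15:04 dc01 Security: 529: AUDIT_FAILURE Logon Failure: Reason: Unknown user name or bad password User Name: admin Domain: CORP Logon Type: 3 Workstation Name: WS-104
Jan 22 10:15:04 dc01 Security: 529: AUDIT_FAILURE Logon Failure: Reason: Unknown user name or bad password User Name: backup Domain: CORP Logon Type: 3 Workstation Name: WS-104
Jan 22 10:15:05 dc01 Security: 529: AUDIT_FAILURE Logon Failure: Reason: Unknown user name or bad password User Name: guest Domain: CORP Logon Type: 3 Workstation Name: WS-104
Jan 22 10:15:06 dc01 Security: 529: AUDIT_FAILURE Logon Failure: Reason: Unknown user name or bad password User Name: sqladmin Domain: CORP Logon Type: 3 Workstation Name: WS-104
Jan 22 10:15:07 dc01 Security: 539: AUDIT_FAILURE Logon Failure: Reason: Account locked out User Name: sqladmin Domain: CORP Logon Type: 3 Workstation Name: WS-104
Jan 22 10:15:30 dc01 Security: 529: AUDIT_FAILURE Logon Failure: Reason: Unknown user name or bad password User Name: jdoe Domain: CORP Logon Type: 3 Workstation Name: WS-007
Jan 22 10:25:00 dc01 Security: 4625: AUDIT_FAILURE An account failed to log on. Account Name: svc_backup Account Domain: CORP Logon Type: 3 Source Network Address: 10.1.2.55
"""

# Syslog line: "<Mon DD HH:MM:SS> <host> <log>: <event id>: <AUDIT_*> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<log>\w+): (?P<event_id>\d+): (?P<kind>AUDIT_FAILURE|AUDIT_SUCCESS) (?P<msg>.*)$"
)

# Failed-logon Security events: 529-539 family on Windows 2000/2003, 4625 on 2008+.
FAILED_LOGON_IDS = {"529", "530", "531", "532", "533", "534", "535", "537", "539", "4625"}

# 2003-era messages say "User Name:" / "Workstation Name:"; 2008+ messages say
# "Account Name:" / "Source Network Address:". A 4625 carries two "Account Name:" fields
# (subject, then the account that failed), so the last match is the one we want.
USER_RE = re.compile(r"(?:User Name|Account Name): (\S+)")
SOURCE_RE = re.compile(r"(?:Workstation Name|Source Network Address): (\S+)")


def parse_line(line):
    """Parse one forwarded Security event; return a dict or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    users = USER_RE.findall(m["msg"])
    sources = SOURCE_RE.findall(m["msg"])
    return {
        # No year in BSD syslog timestamps; strptime defaults to 1900, which is fine
        # for comparing events to each other within one run.
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
        "host": m["host"],
        "event_id": m["event_id"],
        "kind": m["kind"],
        "user": users[-1] if users else "unknown",
        "source": sources[-1] if sources else "unknown",
    }


def find_bruteforce_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source: (peak failures inside any `window`, sorted distinct user names)}
    for every source whose failed-logon count within a sliding window reaches `threshold`."""
    by_source = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["event_id"] in FAILED_LOGON_IDS:
            by_source[ev["source"]].append((ev["ts"], ev["user"]))

    alerts = {}
    for source, events in by_source.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within `window` of the newest event.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[source] = (peak, sorted({user for _, user in events}))
    return alerts


if __name__ == "__main__":
    for source, (count, users) in find_bruteforce_sources(SAMPLE_SYSLOG.splitlines()).items():
        print(f"{source}: {count} failed logons in a minute against {len(users)} accounts: {', '.join(users)}")
```

On the constructed sample, WS-104 is flagged with six failures in four seconds spread over five different accounts (one of which ends in a 539 lockout), while the single failure from WS-007 and the lone 4625 from 10.1.2.55 stay below the threshold. Run against a real feed, the distinct-user count is the useful discriminator: a user mistyping a password produces many failures for one account from one host, a worm produces failures for many accounts from one host.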