[Samba] programmatical retrieval of windows event logs from linux

dave ceek63 at yahoo.com
Thu Jul 20 16:56:05 GMT 2006


I was only looking at native Windows support with no hassles of
any external agent installation:
> Am a Linux guy and trying to support security monitoring for Windows devices. Am trying to find a programmatic way of pulling security and application logs
> from Windows machine. OR it can be a push model where Windows can generate
> events/traps. It should all be built-in in Windows with no external tool installation.
>
> Looks like there is no NATIVE built-in asynchronous event reporting from
> Windows (2000/2003/XP)?
> It can be in terms of SNMP traps as well.
>
> Given this, one can use Samba APIs (rpcclient) to periodically pull the event logs
> from Windows. Is there any better way to accomplish the same programmatically
> using push or pull model to get the security and application logs on Windows from Linux?


Jeff Saxton <jeff.saxton at sensage.com> wrote: http://www.intersectalliance.com/projects/SnareWindows/


-- 
Jeff Saxton
SenSage, Inc.
55 Hawthorne Street Suite 700
San Francisco, CA 94105
Phone:  415.808.5900
Fax:    415.371.1385
Direct: 415-808-5921
Cell:   650-235-0776
mailto:support at sensage.com
