Does anyone know of a good tool that monitors Windows and Linux log files and reports back? (mainly for attempted logins)

I guess I could probably code something, but surely something like this already exists.

TIA

__________________
Andy Booth

Naglotech Ltd Webhosting, Colocation, Consultancy
Cybernetic-Servers Game Servers, Dedicated Servers

Company No : 5326296
AS35327

__________________
Web Host - VIP Member

logwatch on Linux if you want to stare at screen after screen of email

ChrisB.

__________________
Chris Burton
8086 Limited (Company No.: 06336617 VAT No.: 920 5102 75)
Ever wanted to know who uses a DNS or MX server ? with DNS History you can find out.

__________________
Web Host - Certified Member

If you're looking for something to track failed SSH logins etc. then we use LFD (part of the CSF iptables toolkit) on Linux which can be configured to automatically drop trafic from the source IP. Quite flexible too, you can drop just SSH traffic and set the entries to age out etc.
Pretty sure it can handle FTP, POP3 etc. i you teach it what a failed login looks like in the logs.
Used to use BFD which does pretty much the same thing but isn't maintained any more and lacks some of the options.

__________________
Freethought Group Limited
Hosting and communications
Freethought Group Limited registered in London No. 5862996. Registered office: The Old Church Hall, 2A Cromwell Street, Lincoln, LN2 5LP.
Xion Internet and Freethought Internet are trading names of Freethought Group Limited.

__________________
Web Host - Certified Member

CSF from ConfigServer Services is very good and does exactly what you want for Linux. Not come across anything similar for Windows.

__________________
Chris at TDMWeb.com
Windows & Linux hosting and fully managed dedicated servers with great customer service!
UK-based but serving the world... (VAT No: 474698684)

__________________
Web Host - Certified Member

I think Welcome to the Home of OSSEC will do what you want, it is open source and works with most common OSs

Cheers,
Sean

__________________
» Sean Andrews,
» xoozoo.com ltd - www.xoozoo.com
» Free DNS Report tools - dr.xoozoo.com
» Company no:6482396

__________________
Web Host - Certified Member

Microsoft have one but I can't remember the name of it right now. It's pretty cool though as you can wait for a specific event and then make it automatically do the crash on ctrl + scroll lck so it dump's the memory. It's more for troubleshooting specific events but you could also set it up to e-mail when a login event is found. If you search Microsoft you will probably find it anyway but I will check my e-mails when I get a chance.

__________________
Matt Parkinson
Vooservers Limited - Company #05598156 - VAT #871961296
www.vooservers.com

__________________
Web Host - Certified Member

Is it Operations Manager Matt?

__________________
Andy Booth

Naglotech Ltd Webhosting, Colocation, Consultancy
Cybernetic-Servers Game Servers, Dedicated Servers

Company No : 5326296
AS35327

__________________
Web Host - VIP Member

Nope it's a free tool but I believe you have to go through Microsoft Support to get it and then they will e-mail it to you. I have got it on a server somewhere so if I find it I will let you know as the Microsoft link they sent me has expired now.

__________________
Matt Parkinson
Vooservers Limited - Company #05598156 - VAT #871961296
www.vooservers.com

__________________
Web Host - Certified Member