Thread: Security Log Analyser Tool?

  1. #1
    andyb28

    Security Log Analyser Tool?

    Does anyone know of a good tool that monitors Windows and Linux log files and reports back? (mainly for attempted logins)

    I guess I could probably code something, but surely something like this already exists.

    TIA
    Andy Booth
    Naglotech Ltd
    Company No : 5326296 AS35327

  2. #2
    BurtyB
    logwatch on Linux if you want to stare at screen after screen of email

    ChrisB.
    Chris Burton Othello Technology Systems Ltd AS29527 Company#03894981 VAT#GB-782561410 Tel:0871 277 6875
    Views expressed in this post are my own and not Othello Technology Systems Ltd.

  3. #3
    Ed-Freethought
    If you're looking for something to track failed SSH logins etc. then we use LFD (part of the CSF iptables toolkit) on Linux which can be configured to automatically drop traffic from the source IP. Quite flexible too, you can drop just SSH traffic and set the entries to age out etc.
    Pretty sure it can handle FTP, POP3 etc. if you teach it what a failed login looks like in the logs.
    Used to use BFD which does pretty much the same thing but isn't maintained any more and lacks some of the options.
    Freethought Internet Limited
    Hosting and communications
    Freethought Internet Limited registered in London No. 5862996. Registered office: The Old Church Hall, 2A Cromwell Street, Lincoln, LN2 5LP.
    Xion Internet and Powercore Networks are trading names of Freethought Internet Limited.
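
An added example, not part of the original thread and not LFD's or CSF's own code: a minimal version of the failed-login tracking described in post #3, which counts failed SSH logins per source IP in a sliding window and reports when a block would start and age out. The function name `find_blocks`, the thresholds, the assumed year (syslog timestamps carry none) and the sample log lines are all constructed for illustration; it only reports and does not touch iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: OpenSSH syslog lines using documentation-range IPs (RFC 5737).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[411]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:05 web1 sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:09 web1 sshd[413]: Accepted password for deploy from 198.51.100.20 port 5000 ssh2
Mar  3 10:00:12 web1 sshd[414]: Failed password for root from 203.0.113.7 port 4003 ssh2
Mar  3 10:02:00 web1 sshd[415]: Failed password for deploy from 198.51.100.20 port 5001 ssh2
Mar  3 10:30:00 web1 sshd[416]: Failed password for deploy from 198.51.100.20 port 5002 ssh2
Mar  3 11:30:00 web1 sshd[417]: Failed password for root from 203.0.113.7 port 4004 ssh2
"""

# What a failed SSH login looks like. The user name is client-controlled, so it is
# matched greedily and the IP is taken from the LAST "from <ip> port <n> ssh2" on the line.
FAILED_LOGIN = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def find_blocks(lines, threshold=3, window=60, block_ttl=3600, year=2024):
    """Return [(ip, blocked_at, expires_at)]; lines must be in time order."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    expires = {}                  # ip -> time its current block ages out
    blocks = []
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in expires and ts < expires[ip]:
            continue              # still blocked; nothing new to count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window):
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            expires[ip] = ts + timedelta(seconds=block_ttl)
            blocks.append((ip, ts, expires[ip]))
            q.clear()
    return blocks

if __name__ == "__main__":
    for ip, at, until in find_blocks(SAMPLE_LOG.splitlines()):
        print(f"{ip}: blocked at {at}, ages out at {until}")
```
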

  4. #4
    TDMWeb
    CSF from ConfigServer Services is very good and does exactly what you want for Linux. Not come across anything similar for Windows.
    Chris at TDMWeb.com
    Windows & Linux hosting and fully managed dedicated servers with great customer service!
    UK-based but serving the world... (VAT No: 474698684)

  5. #5
    dch
    I think Welcome to the Home of OSSEC will do what you want, it is open source and works with most common OSs

    Cheers,
    Sean
    » Sean Andrews,
    » xoozoo.com ltd - www.xoozoo.com
    » Free DNS Report tools - dr.xoozoo.com
    » Company no:6482396

  6. #6
    Microsoft have one but I can't remember the name of it right now. It's pretty cool though as you can wait for a specific event and then make it automatically do the crash on Ctrl + Scroll Lock so it dumps the memory. It's more for troubleshooting specific events but you could also set it up to e-mail when a login event is found. If you search Microsoft you will probably find it anyway but I will check my e-mails when I get a chance.
    Matt Parkinson
    Vooservers Limited - Company #05598156 - VAT #871961296
    www.vooservers.com

  7. #7
    andyb28
    Is it Operations Manager Matt?
    Andy Booth
    Naglotech Ltd
    Company No : 5326296 AS35327

  8. #8
    Originally posted by andyb28:
    Is it Operations Manager Matt?
    Nope it's a free tool but I believe you have to go through Microsoft Support to get it and then they will e-mail it to you. I have got it on a server somewhere so if I find it I will let you know as the Microsoft link they sent me has expired now.
    Matt Parkinson
    Vooservers Limited - Company #05598156 - VAT #871961296
    www.vooservers.com
