IMHO, you get what you pay for.
Are you referring to this product?
http://sourceforge.net/projects/eventlogmonitor/
If so, it looks like it can only deal with windows logs. That is not going to
get you very far. If you want to know what is going on within your network,
you really need something that can handle syslog messages as well (routers,
firewalls, etc.).
Although not pertinent to the product you mentioned, I remembered reading on
GFI's website about their event log management product. They were *boasting*
that their collector could handle up to 6 million events per hour. That boils
down to a paltry 1667 events per second, which is absolutely pathetic. A
couple of core routers/firewalls could easily overwhelm this.
James Winzenz
Infrastructure Engineer - Security
Pulte Homes Information Services
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of ottobeli82@yahoo.com.br
Sent: Friday, February 01, 2008 9:08 AM
To: focus-ms@securityfocus.com
Subject: Re: Fwd: Centralizing Event Viewer Logs
Is there someone who already tried the product SB Eventlog Monitor?
I´m thinking about starting some tests in my network (all windows, 2000
machines) centralizing all the logs in one server, but I would like to hear
from you any kind of experience with this product.
I would like to know how the product behaves concerning network traffic,
manageability and event correlation.
CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately by
email and delete the message and any file attachments from your computer.
Thank you.
