Monitor third party log file


Mc2102 -> Monitor third party log file (30.Jun.2008 1:05:18 PM)

Hello,

I am evaluating EventsManager 8 and so far I like the product. But it seems that this tool does not support monitoring of a third party log file. For example, I would need to monitor the log files for certain applications.
I checked the forum and also the user manual but I am not able to find this function. Or am I not looking in the right place?

Marcus




DrewE -> RE: Monitor third party log file (30.Jun.2008 1:19:48 PM)

Marcus,

Unless the log file is in W3C Format, GFI EventsManager will not be able to monitor it.  Our software can monitor Windows Event Logs, Sys Logs, W3C Log Files, SNMP Messages, and Microsoft SQL Server Audits.




Mc2102 -> RE: Monitor third party log file (30.Jun.2008 3:53:18 PM)

DrewE,

Thanks for the response. Last question: these 'Microsoft SQL Server Audits' you are talking about, which log files or system databases are these audits using? It would be helpful to know; otherwise how would I know what additional rules I can create? I checked the documentation for that as well but I was not able to find anything in there.

Marcus




spidermouse -> RE: Monitor third party log file (1.Jul.2008 5:51:28 AM)

The SQL database audit option will read from the SQL profiler, which you have to set up on the target database first. This is not all bad. IMO, the SQL profiler was a much underused feature in SQL. So if people spend some time looking at it again, it has to be a good thing.

P.S.: the target database must be a different one from the EventsManager database, i.e. EVM 8 cannot monitor its own DB.




Mc2102 -> RE: Monitor third party log file (1.Jul.2008 11:03:48 AM)

Spidermouse,

Interesting. I know how to use the SQL Profiler and how to set it up. You can write a trace to a file or a DB table. The part I do not understand is how to tell GFI EventsManager to use this specific file or table? I mean, somehow I have to tell GFI where it finds the trace.

Thank you
Marcus





spidermouse -> RE: Monitor third party log file (1.Jul.2008 12:27:35 PM)

Believe it or not, EventsManager will poll from every trace that is running on that DB. If you have other traces running on that SQL that you do not wish to have analysed by EVM, then you will simply make sure that no policy matches the trace and it will be discarded.
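
Added example, not part of any post in this thread and not GFI's own code: since spidermouse describes EventsManager as polling every trace running on the target SQL Server, this T-SQL sketch (SQL Server 2005 or later) inventories the running traces with the events each one captures, then starts a server-side login-audit trace. The trace file path and the choice of events and columns are assumptions for illustration.

```sql
-- 1. Inventory: every trace defined on the instance.
--    is_rowset = 1 marks a trace streamed to a client such as the Profiler GUI;
--    is_default = 1 marks SQL Server's built-in default trace.
SELECT id, status, is_default, is_rowset, path, start_time, event_count
FROM sys.traces;

-- 2. For each trace, list which events and columns it records, so that
--    monitoring policies can be matched (or deliberately not matched) to them.
SELECT t.id      AS trace_id,
       e.name    AS event_name,
       c.name    AS column_name
FROM sys.traces AS t
CROSS APPLY fn_trace_geteventinfo(t.id) AS ei
JOIN sys.trace_events  AS e ON e.trace_event_id  = ei.eventid
JOIN sys.trace_columns AS c ON c.trace_column_id = ei.columnid
ORDER BY t.id, e.name, c.name;

-- 3. Create and start a server-side trace for login auditing.
DECLARE @TraceID     int;
DECLARE @MaxFileSize bigint;
DECLARE @On          bit;
SET @MaxFileSize = 50;   -- MB per rollover file
SET @On = 1;

EXEC sp_trace_create
     @traceid     = @TraceID OUTPUT,
     @options     = 2,                          -- TRACE_FILE_ROLLOVER
     @tracefile   = N'C:\Traces\login_audit',   -- assumed path; .trc is appended
     @maxfilesize = @MaxFileSize;

-- Event 14 = Audit Login, event 20 = Audit Login Failed.
-- Columns: 8 = HostName, 10 = ApplicationName, 11 = LoginName, 14 = StartTime.
EXEC sp_trace_setevent @TraceID, 14,  8, @On;
EXEC sp_trace_setevent @TraceID, 14, 10, @On;
EXEC sp_trace_setevent @TraceID, 14, 11, @On;
EXEC sp_trace_setevent @TraceID, 14, 14, @On;
EXEC sp_trace_setevent @TraceID, 20,  8, @On;
EXEC sp_trace_setevent @TraceID, 20, 10, @On;
EXEC sp_trace_setevent @TraceID, 20, 11, @On;
EXEC sp_trace_setevent @TraceID, 20, 14, @On;

EXEC sp_trace_setstatus @TraceID, 1;   -- 1 = start, 0 = stop, 2 = close and delete

SELECT @TraceID AS new_trace_id;
```

Re-running the first two queries afterwards shows the new trace next to any others on the instance. Creating a trace requires the ALTER TRACE permission, and the SQL Server service account must be able to write to the trace directory.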



