Sunday, February 4, 2007

Centralized logging and audit of Windows-based servers and network devices.

The job on which I am currently working involves designing an architecture for a centralized logging and auditing system for heterogeneous environments. Now that the global functional architecture is nearing completion, I am listing product criteria and working towards a short list of vendors and products that we will consider. On the list are GFI's EventManager, Cisco's MARS appliance and possibly NetIQ's Security Manager.

All three products are basically capable of doing the same thing: they can collect log data from several sources (Event Logs, Syslog, SNMP traps, flat file) and understand a lot of the data provided via those mechanisms.

While I have been less than positive about Microsoft products, I am slowly revising my opinion. I still prefer Unix platforms for developers, but for office environments, Windows is really not as bad as I thought it was before.

I think there are two main reasons why I am honing my opinion:

1) I have never worked in a Windows-only environment.

2) I was never aware of products such as MOM, SMS, etc.

I'll post a wrap-up of the functional design when it is ready and the company that I work for has given the green light.
