hey all!

well i'm complete beginner when it comes to linux of pretty much any type (other than a few liveCDs) but i've decided on a challenge / project that'll hopefully resolve this.

basically what i'm going to try is to build a centralized event log monitoring system to pull all the logs from the windows servers on our network using linux and only free software. this may be expanded later on to cover IDS, but lets not get ahead of ourselves just yet!

as far as i can see, i'm going to have to break the project down into these sections:
find and install an OS
find some way of pulling event logs of a win2k server
look into database storage - i'm thinking mySQL or similar
develop the reporting and alerting side.

as i'm starting from fresh i could do with as many suggestions / comments as possible really, but my first questions are:

has this been done before?
what flavor of linux would you recommend for this kind of project?
how demanding on the hardware do you think this would be? i've got a few soon to be retired ex-NT4 desktops that i'm thinking of using
have i bitten off more than i can chew? lol

Cheers, all.

Tim.

Well, at first glance I'm thinking you would use Samba to move the files from the win2k server to the linux machine. I don't think the distribution you use is that crucial here. Go with whatever distro you are comfortable with. Then you can write a little program to get the event logs and store them in mysql.

Not sure how or what you want to display from the events log. Do you want to write your own software for this or are you looking for pre existing software? Also, do you want this to be in real time or have it batch update every hour or 10 minutes or whatever?

find some way of pulling event logs of a win2k server

There is your problem. Better work on that before wasting your time on anything else.

Frankly, you're better off with a Windows solution in this case.

One of the ways i've come across so far is to install something to push the logs out to a syslog server..... but i'm still looking into that bit lol i've found eventreporter so far.... but that cost money

ideally i'd like the logs to be dumped into a database so that they can be archived and I can run searches / queries against it looking for trends etc. on the running side, i'd love it to be real time but i think that might be asking a little much. If i can get it to run every few minutes then i'd be a happy bunny.

i've never writen software before from scratch so I think that'd be beyond me at the moment. I'd like to have a few bits of software that do the individaul sections and then work on getting them working together.



Kdr Kane, i know there's ways of doing it as i've run across a few bits and pieces of software that would fill the bill. so hopefully there'll be some freebe ones out there somewhere too I must admit, using a windows solution was my first idea but i'd like to give this linux lark a crack and see how it all shapes up. It'll probably be tricky, but i'm in no great rush and am looking forward to the challenge

i think if you have samba on the linux server you could make the windows server do all the logging to the samba server... or at least make it copy the logs to the samba server every few minutes... once you have the windows box logging to the linux box via samba, then you can focus on getting those logs into the mysql databse... anyways, it's just a thought...

I'm not familiar with the topic so I can't suggest specifics, but freshmeat lists 361 projects related to "logging" and 8 also relating to ms environments - there might be something useful in there:

http://freshmeat.net/browse/148/