转:https://www.manageengine.com/products/eventlog/windows-event-log-management.html
Event Log Monitoring, Analysis, Reporting and Archiving Software
Monitoring and reporting network-wide Windows servers, systems and network devices; along with compliance challenges and performance accuracy is a heavy responsibility. Your requirement under such a pressurized scenario would be a proactive event log monitoring solution that is potential and apt for the fast paced IT world, offering hi-tech, technically sound Windows log management solution. Plus, a tool that is compatible with all the versions of event logs:
- Windows 10
- Windows 8
- Windows 7
- Windows Vista
- Windows XP
- Windows 2000
- Windows NT
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
- Windows Server 2008
- Windows Server 2003
In this cloud computing age, cyber crime technology has advanced too, and this high scale of IT security breaches and cyber crimes require an even highly advanced Windows log monitoring solution that offers a hold on the security issues. What you seek in your Windows log monitoring solution is:
- Deriving A-Z information related to Windows events
- Continuously monitoring Windows activities
- Automatically organizing event log data
- Assistance in reinforcing security policies
- Increasing IT efficiency while reducing downtime
- Satisfying compliance audit requirements
EventLog Analyzer offers event log monitoring solutions that assist in secured business continuity even in the constantly evolving IT arena. If deployed, EventLog Analyzer performs to offer the following benefits:
- Legal compliance and company policy adherence by retaining all the event log information required for audits
- Compilation of several event logs centrally located for convenience and security backup purposes
- Stay on guard even in your absence! With the dynamic alerting feature that is configured and can be customized to alarm you on any suspicious, malicious activity occurrence
- Automated archiving of Windows events and display of those Windows events that are of priority for the security admin personnel's view
- Analyzing the Windows events logs for correct categorization of events to be systematically organized for better view and report generation
- Narrow down your search by customizing the tool to view event logs that are specific to your relevance
- Continuous monitoring without any manual intervention and attention requirement
- High Scalability to incorporate large volumes of Windows events
The solution is designed to perform a set of functions. The role of EventLog Analyzer event log monitoring system is as follows:
- Collecting event logs
- Normalizing Windows events
- Aggregating event logs
- Archiving event logs
- Analyzing event logs
- Correlating event logs
- Generating pre-built reports,
- Generating regulatory compliance reports
- Generating historical trend reports
- Generating alerts for specific Windows log events
- Assisting in compliance audits for various regulatory acts such as HIPAA Compliance, GLBA Compliance, PCI-DSS Compliance, and Sarbanes-Oxley (SOX or SARBOX)
- Reducing system downtime
- Increasing network performance
- Tightening security policies
The ManageEngine Suite invites you for a free trial of EventLog Analyzer to try and test the product's worth. You are soon to explore the features and acknowledge the reasons for EventLog Analyzer to be a beneficial event log monitoring solution.
Some of the many Windows Event IDs and Windows Vista Event IDs recognized by EventLog Analyzer are listed below:
Windows Event ID | Windows Vista Event ID | Event Type | Description |
---|---|---|---|
512, 513, 514, 515, 516, 518, 519, 520 | 4608, 4609, 4610, 4611, 4612, 4614, 4615, 4616 | System Events | Identifies local system processes such as system startup and shutdown and changes to the system time |
517 | 4612 | Audit Logs Cleared | Identifies all the audit logs clearing events |
528, 540 | 4624 | Successful User Logons | Identifies all the user logon events |
529, 530, 531, 532, 533, 534, 535, 536, 537, 539 | 4625 | Logon Failures | Identifies all the failed user logon events |
538 | 4634 | Successful User Logoff | Identifies all the user logoff events |
560, 563, 565, 566 | 4656, 4658, 4659, 4660, 4661, 4662, 4663, 4664, 5147 | Object Access | Identifies when a given object (File, Directory, etc.) is accessed, the type of access (e.g. read, write, delete) and whether or not access was successful/failed, and who performed the action |
612 | 4719 | Audit Policy Changes | Identifies all the changes done in the audit policy |
624, 625, 626, 627, 628, 629, 630, 642, 644 | 4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740 | User Account Changes | Identifies all the changes done on an user account like user account creation,deletion, password change, etc. |
(631 to 641) and (643, 645 to 666) | 4727 to 4737, 4739 to 4762 | User Group Changes | Identifies all the changes done on an user group such as adding or removing a global or local group, adding or removing members from a global or local group, etc. |
672, 680 | 4768, 4776 | Successful User Account Validation | Identifies successful user account logon events, which are generated when a domain user account is authenticated on a domain controller |
675, 681 | 4771, 4777 | Failed User Account Validation | Identifies unsuccessful user account logon events, which are generated when a domain user account is authenticated on a domain controller |
682, 683 | 4778, 4779 | Device Session Status | Identifies the session re-connection or disconnection |
EventLog Analyzer also supports logs received from other syslog supported systems & devices.
Using EventLog Analyzer you can archive or store these event logs, and also generate event log reports in real-time. You get instant access to wide variety of reports for events generated across devices, users, processes, and device groups. You can also obtain pre-defined compliance reports to meet HIPAA, GLBA, PCI, and Sarbanes-Oxley audit requirements.