re: The Security Log Haystack – Event Forwarding and You

sgrinker — Mon, 29 Aug 2011 16:16:02 GMT

Awesome post... Event Forwarding is your friend!

For anyone interested, you can couple Event Forwarding with PowerShell to essentially get a "poor mans" auditing utility. Basically forwarding then parsing data from Security log audit events into SQL for alerting and reporting.

Definitely not looking to self promote, but thought I'd share if anyone can find it useful. I know it has definitely come in very handy around here, so hopefully someone else can find some use of the work.

Please don't use the comments here for any troubleshooting or assistance if you decide to use the module. Anything additional regarding the utility should be posted at the CodePlex link...

pseventlogwatcher.codeplex.com/documentation

Thanks!

Steve

re: The Security Log Haystack – Event Forwarding and You

aemiller — Mon, 29 Aug 2011 15:56:53 GMT

I had done this about a year ago with my 2003 DCs. It was a pain. I am very happy to see this published and all in one place.

Allan "You better get busy then" Miller