With Steve Massman and Travis Reddick
KiwiSyslog and SNARE client as well as Logcheck & other open source utilities.
Could get emails every 30 mins that you have to read. Download and read OS security guides!
Log everything – everything. Success and failures both.
Use 2003 or 2008 and use an existing machine if it’s not heavily used, use a software firewall allow only your machine to RDP, lock down ports to only logging servers. No virus software necessary.
Kiwisyslog -$300ish – separate log files by machine
SNARE – free, log sys and security, domain controllers add directory service, DNS and file replication logs, look for new events in Kiwi
Log check – for 2003, logcheck.ignore is what you use to filter your logs to keep from being overwhelmed, examples of what goes into logcheck.ignore file, Case matters, be specific
Configuring scheduled task – in 2008, disable “network access: do not allow storage of passwords and credentials for network authentication” or the task won’t run.
Splunk? Can manage ASA files – useful for us!
Downloads – FTP://FTP.more.net/pub/s_P/massmans