Subject: Security Logging on Central Server
Posted by: Will (firstname.lastname@example.org)
Date: Sat, 10 Feb 2007
Does any vendor make a product that would record not just the
metainformation for each incoming and outgoing connection on each machine
(source and target IP, ports, etc) but also Windows OS specific information
like process name and PID, and record all of that in a central database
using SQL Server?
It would be extremely nice if I could then go to a management console and do
complex queries and see certain traffic patterns (e.g., all attempts to
connect to IP=x in the last 90 days). You might find as an answer that
three machines on your network connect to that target IP and do so using
a process whose name is namgr.exe, for example. Having this kind of
information is an invaluable time saver over the old-fashioned methods of
sniffer and sysinternals tcpview.
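The query pattern the post describes (every connection attempt to one target IP over the last 90 days, broken down by reporting host and owning process) is easy to sketch once the per-host events land in a central table. The following is an added example, not code from the original post or from any vendor product; it uses an in-memory SQLite database in place of SQL Server, a table layout (`connection_log`) and a handful of constructed sample events that are assumptions for illustration. The SQL itself is plain enough to carry over to SQL Server with minor type changes.

```python
import sqlite3
from datetime import datetime, timedelta

# Reference time for the constructed sample data (the post's date).
NOW = datetime(2007, 2, 10, 12, 0, 0)

# Constructed sample events, not real captures. Each row is one connection
# attempt reported by an endpoint: the network 5-tuple plus the owning process.
SAMPLE_EVENTS = [
    # (host, direction, src_ip, src_port, dst_ip, dst_port, proto, process_name, pid, observed_at)
    ("ws01", "out", "10.0.0.11", 49152, "203.0.113.5", 443, "tcp", "namgr.exe", 1184, NOW - timedelta(days=3)),
    ("ws01", "out", "10.0.0.11", 49160, "203.0.113.5", 443, "tcp", "namgr.exe", 1184, NOW - timedelta(days=2)),
    ("ws02", "out", "10.0.0.12", 50001, "203.0.113.5", 443, "tcp", "namgr.exe", 2040, NOW - timedelta(days=40)),
    ("ws03", "out", "10.0.0.13", 50233, "203.0.113.5", 443, "tcp", "namgr.exe", 3312, NOW - timedelta(days=89)),
    # Same target, but 120 days ago: outside a 90-day window.
    ("ws04", "out", "10.0.0.14", 51010, "203.0.113.5", 443, "tcp", "outlook.exe", 904, NOW - timedelta(days=120)),
    # Different target: must not appear in the result.
    ("ws02", "out", "10.0.0.12", 50100, "198.51.100.9", 80, "tcp", "iexplore.exe", 2222, NOW - timedelta(days=1)),
    # Inbound connection on a server, recorded against the listening process.
    ("srv01", "in", "10.0.0.12", 50100, "10.0.0.50", 445, "tcp", "System", 4, NOW - timedelta(hours=5)),
]

# Assumed central table: one row per connection attempt from every endpoint.
SCHEMA = """
CREATE TABLE connection_log (
    id           INTEGER PRIMARY KEY,
    host         TEXT NOT NULL,      -- endpoint that reported the event
    direction    TEXT NOT NULL,      -- 'in' or 'out'
    src_ip       TEXT NOT NULL,
    src_port     INTEGER NOT NULL,
    dst_ip       TEXT NOT NULL,
    dst_port     INTEGER NOT NULL,
    proto        TEXT NOT NULL,
    process_name TEXT NOT NULL,      -- image name of the owning process
    pid          INTEGER NOT NULL,
    observed_at  TEXT NOT NULL       -- ISO-8601 timestamp, sortable as text
);
-- The 90-day-by-target question is the hot query, so index for it.
CREATE INDEX ix_conn_dst_time ON connection_log (dst_ip, observed_at);
"""


def build_db(events=SAMPLE_EVENTS):
    """Create an in-memory database and load the sample events."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Store timestamps as ISO strings so range comparisons work lexically.
    rows = [e[:-1] + (e[-1].isoformat(sep=" "),) for e in events]
    conn.executemany(
        "INSERT INTO connection_log (host, direction, src_ip, src_port, dst_ip, "
        "dst_port, proto, process_name, pid, observed_at) "
        "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def connections_to_target(conn, target_ip, days=90, now=NOW):
    """All attempts to reach target_ip in the last `days` days, grouped by host and process."""
    since = (now - timedelta(days=days)).isoformat(sep=" ")
    cur = conn.execute(
        """
        SELECT host, process_name, COUNT(*) AS attempts,
               MIN(observed_at) AS first_seen, MAX(observed_at) AS last_seen
        FROM connection_log
        WHERE dst_ip = ? AND observed_at >= ?
        GROUP BY host, process_name
        ORDER BY attempts DESC, host
        """,
        (target_ip, since),
    )
    columns = [c[0] for c in cur.description]
    return [dict(zip(columns, row)) for row in cur.fetchall()]


def hosts_using_process_to(conn, target_ip, process_name, days=90, now=NOW):
    """Sorted hosts on which `process_name` reached target_ip inside the window."""
    return sorted({r["host"] for r in connections_to_target(conn, target_ip, days, now)
                   if r["process_name"] == process_name})


if __name__ == "__main__":
    db = build_db()
    for r in connections_to_target(db, "203.0.113.5"):
        print(r)
    print(hosts_using_process_to(db, "203.0.113.5", "namgr.exe"))
```

Run against the constructed data, the query returns three hosts, all reaching the target through namgr.exe, which is exactly the kind of answer the post wants; the 120-day-old outlook.exe row drops out of the 90-day window and reappears if the window is widened. Keeping process name and PID alongside the 5-tuple is what makes that grouping possible without going back to a sniffer or TCPView on each box.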