Splunk is a great tool for monitoring and reviewing many different kinds of log files. Sometimes you want to be alerted on a specific type of event, but only for those occurrences that are not covered by a list of exceptions (a whitelist). For example, you may want to be alerted on every logon to your server by a user who is not an IT employee. While it is possible to enumerate all exceptions directly in the search query, this article shows how to keep them in a CSV file instead, so the whitelist can be maintained without editing the search.
An Audit policy determines which security events are reported to administrators, so that user or system activity in the specified event categories is recorded. With it, the administrator can monitor security-related activity such as who accesses an object, when users log on to or log off from computers, and whether the Audit policy settings themselves are changed. For all of these reasons, Microsoft recommends that you define an Audit policy for administrators to implement in your environment.
When many events are generated, the oldest entries in a log can be overwritten too quickly, and important information is lost. Increasing the maximum size of the Windows event logs lets each computer retain events for longer. Keep in mind that a larger log only buys time: events that must survive (for example, security events needed for an investigation) should also be forwarded to a central collector.
This page shows how to create a Nagios plugin that checks how much bandwidth a server is currently using. It uses the tool vnstat, which can report the traffic rate of an interface measured over the last 5 seconds.
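The following plugin is an added example and not the one from the article. It assumes vnstat is installed and that the rx/tx lines printed by `vnstat -tr 5 -i IFACE` look like `rx  143.50 kbit/s  42 packets/s` (the embedded sample output is constructed in that shape, not a real capture, so the parser and threshold logic can be exercised without vnstat). Thresholds are given in kbit/s and apply to rx plus tx; the check exits with the standard Nagios codes and emits perfdata.

```shell
#!/bin/sh
# check_bandwidth.sh - Nagios plugin reporting the current traffic rate of an
# interface, sampled over 5 seconds with `vnstat -tr 5 -i IFACE`.
# Added example, not the article's own plugin. Assumes the rx/tx lines of the
# vnstat output look like "rx  143.50 kbit/s  42 packets/s"; check your version.
# Usage: check_bandwidth.sh IFACE WARN_KBIT CRIT_KBIT   (thresholds on rx+tx)

STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3

# Constructed sample resembling `vnstat -tr 5 -i eth0` output (not a real capture),
# used by selftest so the parser can be exercised without vnstat installed.
SAMPLE_OUTPUT=' 1230 packets sampled in 5 seconds
Traffic average for eth0

      rx       143.50 kbit/s            42 packets/s
      tx         1.25 Mbit/s            38 packets/s'

# parse_rate DIRECTION < vnstat_output
# Prints the rate for DIRECTION (rx or tx) as an integer number of kbit/s.
# Normalises the bit units of vnstat 2.x and the byte units older releases print;
# prints nothing if the line is missing or the unit is not recognised.
parse_rate() {
    awk -v dir="$1" '
        $1 == dir {
            unit = $3; mult = 0
            if (unit == "bit/s")  mult = 0.001
            if (unit == "kbit/s") mult = 1
            if (unit == "Mbit/s") mult = 1000
            if (unit == "Gbit/s") mult = 1000000
            if (unit == "B/s")    mult = 0.008
            if (unit == "kB/s")   mult = 8
            if (unit == "MB/s")   mult = 8000
            if (unit == "GB/s")   mult = 8000000
            if (mult > 0) printf "%d\n", $2 * mult + 0.5
            exit
        }'
}

# evaluate RX_KBIT TX_KBIT WARN_KBIT CRIT_KBIT
# Prints the Nagios status line (with perfdata) and returns the matching exit code.
evaluate() {
    e_rx=$1; e_tx=$2; e_warn=$3; e_crit=$4
    if [ -z "$e_rx" ] || [ -z "$e_tx" ]; then
        echo "UNKNOWN - could not parse rx/tx rates from vnstat output"
        return $STATE_UNKNOWN
    fi
    if [ "$e_warn" -gt "$e_crit" ]; then
        echo "UNKNOWN - warning threshold ($e_warn) exceeds critical threshold ($e_crit)"
        return $STATE_UNKNOWN
    fi
    e_total=$((e_rx + e_tx))
    # Perfdata: label=value;warn;crit (unit kept in the label, kbit/s is not a Nagios UOM).
    e_perf="rx_kbit=$e_rx;$e_warn;$e_crit tx_kbit=$e_tx;$e_warn;$e_crit total_kbit=$e_total;$e_warn;$e_crit"
    e_msg="$e_total kbit/s total (rx $e_rx, tx $e_tx) | $e_perf"
    if [ "$e_total" -ge "$e_crit" ]; then
        echo "CRITICAL - $e_msg"; return $STATE_CRITICAL
    fi
    if [ "$e_total" -ge "$e_warn" ]; then
        echo "WARNING - $e_msg"; return $STATE_WARNING
    fi
    echo "OK - $e_msg"; return $STATE_OK
}

# check_interface IFACE WARN_KBIT CRIT_KBIT: sample live traffic and evaluate it.
check_interface() {
    if ! command -v vnstat >/dev/null 2>&1; then
        echo "UNKNOWN - vnstat is not installed"; return $STATE_UNKNOWN
    fi
    c_out=$(vnstat -tr 5 -i "$1" 2>/dev/null) || {
        echo "UNKNOWN - vnstat failed for interface $1"; return $STATE_UNKNOWN
    }
    evaluate "$(printf '%s\n' "$c_out" | parse_rate rx)" \
             "$(printf '%s\n' "$c_out" | parse_rate tx)" "$2" "$3"
}

# selftest: run parser and evaluator on SAMPLE_OUTPUT with warn 1000 / crit 2000.
# 143.50 kbit/s + 1.25 Mbit/s = 144 + 1250 = 1394 kbit/s, so this yields WARNING.
selftest() {
    evaluate "$(printf '%s\n' "$SAMPLE_OUTPUT" | parse_rate rx)" \
             "$(printf '%s\n' "$SAMPLE_OUTPUT" | parse_rate tx)" 1000 2000
}

# Only act as a plugin when IFACE, WARN and CRIT are given; otherwise just define
# the functions, so the script can be sourced and its parts tested separately.
if [ $# -eq 3 ]; then
    check_interface "$@"
    exit $?
fi
```

Install it under the Nagios plugin directory and call it as `check_bandwidth.sh eth0 50000 90000`. Because vnstat samples for 5 seconds, the check takes at least that long, so set the service's check timeout accordingly; the plugin returns UNKNOWN rather than OK when vnstat is missing, fails, or prints a unit it does not recognise, so a broken sampler is never mistaken for an idle link.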
How to configure syslog-ng so that logged events are turned into SQL INSERT statements that are executed immediately against MySQL. Or, put simply: how to store syslog messages in a database.