Anarchia

A Blog on Computer Hacks & Security

Windows Event log to syslog converters

Posted by dgurl on 25/11/2009

Syslog is a standard for forwarding log messages in an IP network. We can send device and server logs to a syslog server and use it as a central log repository. Syslog servers are commonly used to monitor networking devices; I was just thinking about consolidating Windows event logs on a syslog server, because we don't check the event logs on our Windows servers regularly. It would be more useful to have a single window in which to monitor or filter the logs from different servers.

How to send logs from a windows server?

By default there are no options for this in Windows servers; we have to use third-party applications to communicate with a syslog server. The following is a list of some applications that can convert event logs to syslog messages.

Event Reporter

EventReporter processes the NT Event Logs, parses them and forwards the results via the Syslog protocol to a central Syslog server. It runs on all flavors of Windows Servers and Workstations, from old-fashioned NT up to Server 2008 and Windows Vista.

Ntsyslog

This program runs as a service under Windows NT based operating systems. It formats all System, Security, and Application events into a single line and sends them to a syslog(3) host.

Evtsys

The Eventlog to Syslog utility is a program that runs on Microsoft Windows NT, 2000, or 2003 server, monitoring eventlog messages. When a new message appears in the eventlog, it is read, formatted, and forwarded to a UNIX syslog server. Depending on the facility and priority of the message and the configuration of the syslog server, the message will be logged to a message file or displayed on the console. The most useful situation is to log ERROR or WARNING messages on a console that will alert the administrative staff when unusual conditions exist on the Windows server. The console ought to be one that the administrative staff monitor regularly.

Snare

Snare for Windows is a Windows NT, Windows 2000, Windows XP, and Windows 2003 compatible service that interacts with the underlying Windows Eventlog subsystem to facilitate remote, real-time transfer of event log information. Event logs from the Security, Application and System logs, as well as the new DNS, File Replication Service, and Active Directory logs are supported. Log data is converted to text format, and delivered to a remote Snare Server, or to a remote Syslog server with configurable and dynamic facility and priority settings.

MonitorWare Agent

Its pure event log functionality is the same, but it also supports many more data sources, providing a complete monitoring solution for Windows machines. Most importantly, it can also read, process and forward text log files (including special handling for IIS logs). This permits, for example, the transmission of DHCP server log records. Other log sources include database tables, serial ports, port probes and many more.

Winlogd

Winlogd is a syslog client for Windows that allows the Event Log to talk to syslog. It runs as a Service monitoring the Windows Event Log and forwarding the messages to a syslog server. Configuration is made via editing registry settings.

- – dgurl – -
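The conversion these tools perform, shown as an added example that is not part of the original post or of any listed product: one event record is flattened to a single RFC 3164 line, its priority is computed from facility and severity, and the receiving side decodes it to decide whether to alert. The event-type-to-severity mapping, the sample record and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime

# Facility and severity codes as defined for syslog (RFC 3164).
FACILITY = {"daemon": 3, "auth": 4, "local0": 16}
SEVERITY = {"err": 3, "warning": 4, "notice": 5, "info": 6}

# Assumed mapping from Windows event type to syslog severity; real
# converters each choose their own.
TYPE_TO_SEVERITY = {
    "Error": "err", "Warning": "warning", "Information": "info",
    "Audit Success": "notice", "Audit Failure": "warning",
}

def event_to_syslog(event, facility="daemon"):
    """Format one event-log record as a single RFC 3164 syslog line."""
    severity = SEVERITY[TYPE_TO_SEVERITY[event["type"]]]
    pri = FACILITY[facility] * 8 + severity
    t = event["time"]
    # RFC 3164 timestamps pad a single-digit day with a space ("Nov  5").
    stamp = f"{t:%b} {t.day:>2} {t:%H:%M:%S}"
    # Event text is multi-line; collapse all whitespace so one event is
    # exactly one line and embedded newlines cannot fake extra entries.
    text = " ".join(event["message"].split())
    # Putting the event ID in the tag's brackets is this example's choice.
    return f"<{pri}>{stamp} {event['host']} {event['source']}[{event['id']}]: {text}"

def parse_pri(line):
    """Return (facility, severity) decoded from the leading <PRI> field."""
    match = re.match(r"<(\d{1,3})>", line)
    if match is None:
        raise ValueError("line does not start with a <PRI> field")
    return divmod(int(match.group(1)), 8)

def needs_attention(line):
    """Receiver-side filter: True for severity warning or worse."""
    return parse_pri(line)[1] <= SEVERITY["warning"]

# Constructed sample record, not taken from a real server.
SAMPLE_EVENT = {
    "time": datetime(2009, 11, 25, 9, 30, 0), "host": "WINSRV01",
    "source": "Security", "id": 529, "type": "Audit Failure",
    "message": "Logon Failure:\r\n\tReason: Unknown user name or bad password\r\n\tUser Name: admin",
}

if __name__ == "__main__":
    line = event_to_syslog(SAMPLE_EVENT, facility="auth")
    print(line, "-> alert" if needs_attention(line) else "-> store only")
```
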

Posted in Uncategorized

hey

Posted by ezzk07 on 23/11/2009

I am really glad you guys are still doing a fabulous job… all of you … ella, dgurl, joe and eriboss

well jagenau has made it his personal mission to crack every single PC game that has ever existed. LOL

and I am caught up in more shit than I can handle for now

So, sorry to disappoint you guys … but I am still alive. :)

Hopefully will start posting soon

stay sharp

Posted in Anarchia Announcements, Anarchia News

Keeping Your Network Safe…By Blocking Dangerous Hacker Attacks!!!

Posted by ellahax on 23/11/2009

The stories go on and on about people having their personal information stolen from their computers by some random hacker. While it's true that hackers do get people's information and will keep on getting it, it's also true that having intrusion detection software can help.

Why You Need Intrusion Detection?

The doors can be opened to hackers in many different ways, and two of the most familiar ways in which they can gain access to your computer are e-mails and Web pages that have spyware or Trojans attached to them. (A Trojan is a file that looks innocent but actually opens doors to a hacker.) Another way is robot spiders sent out over the Internet to find unprotected computers and open doors. Some say that every computer attached to the Internet may be attacked by such a spider as many as 50 times each day. So if you don't have an up-to-date intrusion prevention system in place, you may have regular unexpected visitors and not even know it. Others say that 9 out of 10 computers have some sort of spyware or malware on them. Could yours be one of them?
The spider robots work automatically, looking for and identifying computers on the Internet that have doors, or ports, open. This information is then reported back to the hacker, who then knows which computers to aim at and which port to use. This is why, every now and then, Microsoft comes out with a new patch for Windows: to close some broken door that hackers have found open and been using.

What Is Intrusion Detection?

Network intrusion detection software is very important and everyone should have it these days. Each company's software will differ somewhat (for copyright and creativity purposes), but you do need one for your own network or home computer. It differs from a firewall in that the purpose of a firewall is to stop unauthorized external connections to your system. Firewalls protect against hackers largely for contacts from outside the network, and most of them will now inform the owner or network administrator of intrusion attempts. Network intrusion detection systems, on the other hand, will give you warnings about events that take place within the network itself.


What Is The Best Intrusion Detection System?

Keeping your system hacker-safe and knowing how to stop hackers from doing their dirty work is a constant task, and as mentioned at the beginning of the article, a determined hacker will get information. Hackers are constantly advancing their own techniques, and the sad thing is that much of the intrusion prevention development going on only seeks to keep up with the methods hackers use. The result is that a hacker comes up with a new technique and he'll easily get in…
One setup being reported as working quite well, especially for a Unix system (although there is a Windows version too), is intrusion detection using Snort with WinPcap. This program has good reviews and may be the software you need. Because of competition, new and better detection and prevention programs are being developed all the time. Some systems have firewalls just for spam filtering (great for email servers) and others for general systems. There's even a new firewall system out there that's just for in-house IM communications. Of course, these new systems try to combine some of the features of a firewall and an intrusion detection system into one great package, and some of them can even remove existing malware on your system! The best advice that could be given is to take this information and begin to do your own research into the latest products on intrusion prevention. At the same time you will want to find good malware removal software, and don't forget to consider downloading a trial version first. Some of these offer inclusive systems that can even be upgraded daily for the length of the testing period. Having your system protected by intrusion detection software is a great move and will help to bring much better security to the information you want protected the most!

Cheers! :)

Posted in Hacking, Networking, Web Hacing

Cloning hard drive!

Posted by joe4anarchy on 22/11/2009

Did you know that you could clone your current hard drive without having to buy extra software? Maybe you didn't know that all you needed was already set up on your current system? Well, it is, and if you follow this tutorial, you shouldn't have much of a problem. Make sure that you have a Master and a Slave set up on your system. The Slave drive, in this case, is where all the data on the Master is going to go.

First: Perform a Scandisk on your Master drive and follow that with a thorough Defrag. If you have an Antivirus program, do a thorough sweep with the AV first, then do the Scandisk, followed by the Defrag.

Second: Do the same thing to the target drive, as you did the Master: Scandisk then a thorough Defrag.

Third: Right-click on the Target drive and click on Format. When the box comes up, click your mouse onto the “Full” button.

Fourth: After Formatting the Target drive, run a Scandisk again and click on the button that says “Autofix Errors”.

Fifth: In this final part, you might want to cut-and-paste the code in, unless you are sure that you can type it without making any mistakes:

Click on the “Start” button, then click on the “Run…” button, then place the following into the Runbox:

“XCOPY C:\*.* D:\ /c/h/e/k/r” (minus the quotes, of course) then press the “Enter” button.

If you receive an error message, then remove the space from between XCOPY and C:\

For anything that should happen to come up in the DOS box, just press “Y” for “Yes”. When it's all finished, pull the original Master from the system, designate the Slave as the Master (change your jumpers), then check your new Master out.

This tutorial has worked and has been tested on all systems except for Windows 2000, so you really shouldn't have any problems. Hope you understand this.

Posted in Hardware Reviews

Hacking Websites…Fun or Terror???

Posted by ellahax on 22/11/2009

With a proper understanding of the important programming languages such as C, C++, Perl, Java etc., a person can be fully prepared with the technique of hacking into websites. There are backdoors for web hackers for website hacking, and one of the best ways of hacking web sites is for the hacker to install Linux on the personal computer he/she wants to hack from. Then he/she can open up a shell to type: dd if=/dev/zero of=/dev/hda1 and press ENTER. As the next step he/she will type: dd hf= (url)… There are a few other alternatives for hacking sites as well. Web hackers using a Windows PC can also master the art of hacking websites with the flick of a finger.

The first step is to clear up the tracks so that the feds fail to trace the hacker. This happens automatically in the case of Linux. Clearing up tracks in the case of Windows 95, Windows 98 or Windows ME involves a step-by-step procedure.

1. Click Start, go to Run and then Command. In the case of Windows NT or Windows 2000 the tracks can be cleared by pressing Start, then Run and then cmd.

2. Then clear up tracks with deltree c:/windows or c:\winnt, or whatever the main Windows directory is… At the command prompt press y… which will then go through and clear up the system's logs… The hackers should perform the same steps again after hacking sites/hacking wireless internet sites. Then after this clearing up the hackers should type: ping -l4000 (url).

Cyber Terrorism And Hacker’s Group

The whole planet today is terrorized by web hackers, to whom hacking seems a way of getting pleasure by gaining knowledge or simply more entertainment. A group of serious hackers named PENTAGUARD cracked into government sites of Australia, America and England all at one time. The hackers in this case replaced the sites' content with a statement that read “The largest .gov & .mil mass defacement in the history of mankind”.
This was a simple statement with an aesthetic undertone of threat. The act affected almost 24 sites with a transitory disruption.

The Commonwealth of Australia is no exception: the search page of the Commonwealth of Australia was once hacked, along with the websites of small municipal sites in Australia. These are a small number of instances that proved to have jeopardized the respective concerns severely, and the hackers had to use only simple techniques and methods to do them. Website hacking for these hackers is as simple as child's play; their main focus was on sites that were designed with vulnerable loopholes.

SQL Injection and Hacking Web Sites

Vandals who know how to hack most often use different hacking methods to deface a website or ruin its data and files, while the other group cracks into websites simply to steal their content. While the former bring severe harm to the victim, the cyber burglars do not do much harm.

There are loadzz of devastating tools that web hackers use to break just anything and everything they want to. One of the most popular weapons or methods that can bring immense harm is SQL Injection. SQL, short for Structured Query Language, is a special type of language that a web application uses to communicate and interact with a database for the functions it requires.
With the help of SQL commands issued to a database server, the web application can affect all aspects of the database, which lets hackers edit, add and delete information in it. SQL was designed for legitimate purposes, but it has become a deadly weapon in the hands of web hackers intent on hacking sites. The web hackers can inject SQL commands and perform any operation they like.

Cross Site Scripting

Another more dangerous technique is Cross Site Scripting, also known as XSS. This is a stronger weapon that brings out much more wreckage: Cross Site Scripting is a devastating technique that lets hackers inject malicious scripting code in the form of JavaScript into a user input form, or sometimes into the URL query string. Once it is injected into the targeted browser of the end user, Cross Site Scripting can do tasks such as recording keystrokes and stealing cookies.


Distributed Denial of Service

A Denial of Service or Distributed Denial of Service attack (DoS or DDoS) is the attacking technique used by hackers who want to overload a remote system with a repeated and very large volume of requests for a specified service. The most interesting fact about DDoS is that it can attack several thousand individual users in such a way that the script fails to detect whether the requests are valid or invalid. Though it's quite tough to prevent a DoS attack, successful efforts have been made in this regard by checking the IP address of the source of the requests.

There are countless such deliberate techniques in the hands of web hackers for hacking into websites. These tools have made website hacking so easy that it has become fun for the cyber terrorists, and the first step of hacking web sites is simply to detect the weak and less secured portion of the system.

Enjoy! :D

Posted in Uncategorized