App / Script for Windows events logging

Discussion in 'other software & services' started by adrian_sc, Jul 11, 2017.

  1. adrian_sc

    adrian_sc Registered Member

    Joined:
    Jun 24, 2017
    Posts:
    31
    Location:
    Poland
    Hello,

    Do you know of any application or script that could be used to track all data from Windows events? I mean a similar solution, commercial or free, like SysInternals Process Monitor, that might be used for:

    - tracking changes in the registry (created, modified, deleted, read keys / values)
    - tracking changes in the file system (create, modify, delete, read files)
    - tracking network activity of all processes
    - logging shell commands (parameters of cmd, powershell, wscript...)
    - logging process creation
    - management from the command line
    - exporting the whole activity log to an XML / CSV file
     
  2. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    You might find this one useful Log-MD:

    https://www.imfsecurity.com/why-log-md/

    Then, of course, there is SysInternals' Sysmon:

    https://technet.microsoft.com/en-us/sysinternals/sysmon
     
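    An added example, not code from this thread or from either tool: a PowerShell script that pulls from the Sysmon channel the event classes matching the first post's list (process creation with command line, network connections, file creation, registry changes) and exports them to CSV, so the whole thing runs and can be scheduled from the command line. The log name, event IDs and field names are Sysmon's own; the parameter names and output file name are assumptions.

```powershell
# Added example (not from the thread, Sysmon or Log-MD): export recent Sysmon
# events for the requested activity classes to CSV. Assumes Sysmon is installed
# and writing to its default operational channel; run as Administrator.
param(
    [int]$Hours = 1,                          # how far back to collect (assumed parameter)
    [string]$OutFile = "sysmon-activity.csv"  # output path (assumed parameter)
)

# Sysmon event IDs mapped onto the activity classes asked for in the thread.
$EventIds = @{
    1  = 'ProcessCreate'            # process start incl. full command line (cmd, powershell, wscript ...)
    3  = 'NetworkConnect'           # outbound connection per process
    11 = 'FileCreate'               # file created or overwritten
    12 = 'RegistryKeyCreateDelete'  # registry key created / deleted
    13 = 'RegistryValueSet'         # registry value written
}

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = @($EventIds.Keys)
    StartTime = (Get-Date).AddHours(-$Hours)
}

$rows = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Sysmon stores its fields as <EventData><Data Name="...">; flatten them to a lookup.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time        = $_.TimeCreated
        EventId     = $_.Id
        Type        = $EventIds[[int]$_.Id]
        Image       = $data['Image']
        ProcessId   = $data['ProcessId']
        User        = $data['User']
        CommandLine = $data['CommandLine']   # populated for ID 1 only
        # registry path (IDs 12/13) or file path (ID 11), whichever the event carries
        Target      = if ($data['TargetObject']) { $data['TargetObject'] } else { $data['TargetFilename'] }
        # remote endpoint for ID 3
        Destination = if ($data['DestinationIp']) { "$($data['DestinationIp']):$($data['DestinationPort'])" } else { $null }
    }
}

$rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
Write-Host "Wrote $(@($rows).Count) events to $OutFile"
```

    Sysmon records registry key and value creation, deletion and writes but not reads, so the "read keys / values" item on the list is not covered by this channel.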
  3. adrian_sc

    adrian_sc Registered Member

    Joined:
    Jun 24, 2017
    Posts:
    31
    Location:
    Poland
    @Lockdown Log-MD looks powerful. I will contact the authors and ask them whether their software is enough for my requirements.
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    The Log-MD publisher is a Windows logging expert, so if anyone can point you to a product that will meet or exceed your needs, then it is him.
     
  5. adrian_sc

    adrian_sc Registered Member

    Joined:
    Jun 24, 2017
    Posts:
    31
    Location:
    Poland
    @Lockdown Do you know of any other solutions? Log-MD seems to have a bug and it doesn't work properly on my test computer.
     
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    Any reason for you to track all actions on the system, tracking users in particular? Be aware that your logs will become giga- or terabytes.
    If you want to track users you need to modify their contracts, otherwise no legal action.
     
  7. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    Sorry @adrian_sc I do not know of anything else. Maybe there is a similar product out there, but I have yet to find it. I have searched many times in the past for a really good log utility, but never could find anything worthwhile other than Log-MD.
     
  8. adrian_sc

    adrian_sc Registered Member

    Joined:
    Jun 24, 2017
    Posts:
    31
    Location:
    Poland
    Non-serious reason. I need to log the changes made by malware. The additional advantages include handling of white lists of processes / paths / registry keys, etc. Log-MD has all of this. But I have not been able to start it yet. I contacted the author and now we're on the right way to resolving my issue.

    Besides, the software / script must support command line management and exporting logs to CSV / XML / TXT. All similar programs that are based only on a GUI are not suitable for my requirements. SysInternals Process Monitor would be enough, but it is not suitable for commercial use.
     
  9. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I hope the Log-MD author can fix it for you. I could not find another system logging utility that combines everything into it the way Log-MD does.
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    Thx.

    I hope you work only for yourself.
     
  11. adrian_sc

    adrian_sc Registered Member

    Joined:
    Jun 24, 2017
    Posts:
    31
    Location:
    Poland
    @Brummelchen @Lockdown
    Log-MD Professional is great and contains all the features I need. Thanks a lot.
     
  12. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I will be following your Colossus project closely.

    Log-MD Pro is pretty good, don't you think?
     
  13. adrian_sc

    adrian_sc Registered Member

    Joined:
    Jun 24, 2017
    Posts:
    31
    Location:
    Poland
    The project will be published under another name. And yes, Log-MD is a good piece of software.
     
  14. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I want to thank you ahead of time as I know it will require a lot of work.
     
  15. adrian_sc

    adrian_sc Registered Member

    Joined:
    Jun 24, 2017
    Posts:
    31
    Location:
    Poland
    In fact, we have been working on that since January 2017, so at this point everything in the back-end is almost done. If everything goes according to plan, the first official test will be in October and the first comparative results will be published in November. But more details can be given via @.
     