CoSN Community


SYSLog server options

  • 1.  SYSLog server options

    Posted 07-05-2017 17:01

    My district is wanting to implement a syslog server so we can track user activities such as login and logout times.  We have had enough legal issues the last couple years with staff and student problems which led us to realize we need more data to help with forensic investigations.  There seems to be every flavor out there from free to paid versions of software to extrapolate the data.  We are simply looking for a system that can hold the transaction logs for a minimum of 1 year and allow us to go in and search for individual user activity if and when the issues arise.  I don't mind going with a system that has less bells and whistles to save overall costs. 

    Any insight would be helpful.

    Russ Hendrickson

    Senior Information Systems Manager

    Missoula County Public Schools

    rhendrickson@mcps.k12.mt.us

    406-728-2400 ext 3028

    www.mcpsmt.org



    ------------------------------
    Russ Hendrickson
    Senior Information System Manager
    Western Region (META)
    Missoula MT
    ------------------------------


  • 2.  RE: SYSLog server options

    Posted 07-05-2017 17:30
    Do you mean track user activity only when on a server? Or user activity on a device on the network? If the second, we have used Aristotle for 17 years. See https://aristotlek12.com/

    It's an excellent product.



    Kieran

    Kieran O'Connor
    Executive Director of Planning, Development and Technology
    East Syracuse Minoa Central Schools

    315-434-3008 or internal x2661





  • 3.  RE: SYSLog server options

    Posted 07-05-2017 17:37

    We need to track user activity on the entire network.  I'll check out Aristotle.  

    Thanks!



    ------------------------------
    Russ Hendrickson
    Senior Information System Manager
    Western Region (META)
    Missoula MT
    ------------------------------



  • 4.  RE: SYSLog server options

    Posted 07-05-2017 17:53
    It tracks websites, logon/logoff, and application usage on PCs, Mac, Chromebooks. Also logs keystrokes.

    One of the other benefits is you can tell usage on your devices. Great for planning, reassignment and understanding utilization.

    If there are other similar products out there--I'd be interested in knowing. Always good to look at new products.

    Call me anytime if you'd like.



    Kieran

    Kieran O'Connor
    Executive Director of Planning, Development and Technology
    East Syracuse Minoa Central Schools

    315-434-3008 or internal x2661





  • 5.  RE: SYSLog server options

    Posted 07-12-2017 12:55

    Russ, all-

     

    I think I'll check out Aristotle, too, but wanted to offer up what we're currently doing as a potential stop gap/simple solution (for at least some of the data you're after).  From our SysAdmin:

     

    So what I do now is I download the domain controller security logs to a share that has enough storage for them, then a PowerShell script runs to trim to 6 months but can be set for a year.  I can open these logs at multiples through Windows Event Viewer and search the whole log set, depending on date and time needed.  It's a manual way of doing it, but it doesn't cost us anything.  I'm not sure if that's what he's looking for or not – let me know if you want more details...

     

    More than happy to further discuss.  Cheers,

    Dustin

     

    Dustin Reintsma

    Executive Director of IT

    Poudre School District

    2413 LaPorte Avenue | Fort Collins, CO 80521
    office: 970-490-3180
    web:
    www.psdschools.org
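
A sketch of the approach described in post 5 (export the domain controller Security log to a share, trim by age, search the archive for one user), added here as an example; it is not the poster's script. The staging folder, share path, function names and sample user name are assumptions.

```powershell
# Added example; folder, share and function names are assumptions, not the poster's script.
$LocalDir      = 'C:\LogExport'           # local staging folder on the domain controller
$ArchiveShare  = '\\fileserver\dc-logs'   # placeholder UNC path for the archive share
$RetentionDays = 365                      # the post mentions 6 months, adjustable to a year

function Export-SecurityLog {
    # Run elevated on the DC: export locally, then copy the .evtx file to the share.
    $name  = '{0}-Security-{1:yyyyMMdd-HHmmss}.evtx' -f $env:COMPUTERNAME, (Get-Date)
    $local = Join-Path $LocalDir $name
    wevtutil epl Security $local
    if ($LASTEXITCODE -ne 0) { throw "wevtutil failed with exit code $LASTEXITCODE" }
    Copy-Item -Path $local -Destination $ArchiveShare -ErrorAction Stop
    Remove-Item -Path $local
}

function Remove-ExpiredArchive {
    # Delete archived exports older than the retention window.
    $cutoff = (Get-Date).AddDays(-$RetentionDays)
    Get-ChildItem -Path $ArchiveShare -Filter '*.evtx' -File |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        Remove-Item
}

function Find-UserLogonActivity {
    param(
        [Parameter(Mandatory)][string]$User,
        [datetime]$Start = [datetime]::MinValue,
        [datetime]$End   = [datetime]::MaxValue
    )
    # Reject characters that could alter the XPath query built below.
    if ($User -notmatch '^[\w.\-$]+$') { throw "Unexpected characters in user name: $User" }
    # 4624 = logon, 4634 = logoff, 4647 = user-initiated logoff
    $xpath = "*[System[(EventID=4624 or EventID=4634 or EventID=4647)]] and " +
             "*[EventData[Data[@Name='TargetUserName']='$User']]"
    foreach ($file in Get-ChildItem -Path $ArchiveShare -Filter '*.evtx' -File) {
        Get-WinEvent -Path $file.FullName -FilterXPath $xpath -ErrorAction SilentlyContinue |
            Where-Object { $_.TimeCreated -ge $Start -and $_.TimeCreated -le $End } |
            Select-Object TimeCreated, Id, MachineName, @{ n = 'Archive'; e = { $file.Name } }
    }
}

# Scheduled task:  Export-SecurityLog; Remove-ExpiredArchive
# Investigation (constructed sample values):
#   Find-UserLogonActivity -User 'jdoe' -Start '2017-03-01' -End '2017-03-08'
```

Exports whose time ranges overlap will return the same event more than once, and restricting write and delete rights on the archive share matters if the files are to be relied on in an investigation.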

     


     

     






  • 6.  RE: SYSLog server options

    Posted 08-03-2017 15:31
    I would recommend looking at a log aggregation application, like Graylog, which can collect the information from various sources and compile them into an easily searchable format.

    A secondary benefit is you can then report or take action on items that would previously have been hidden to you. We use this to alert on our VPN, Account lockouts, web server usage, etc. etc. It's amazing what you can do once you visualize some of the log data that is important to you.

    ------------------------------
    Freddie Cox
    IT Infrastructure Manager
    Knox County Schools
    ------------------------------