My district is wanting to implement a syslog server so we can track user activities such as login and logout times. We have had enough legal issues the last couple years with staff and student problems which led us to realize we need more data to help with forensic investigations. There seems to be every flavor out there from free to paid versions of software to extrapolate the data. We are simply looking for a system that can hold the transaction logs for at a minimum 1 year and allow us to go in and search for individual user activity if and when the issues arise. I don't mind going with a system that has less bells and whistles to save overall costs.
Any insight would be helpful.
Senior Information Systems Manager
Missoula County Public Schools
406-728-2400 ext 3028
We need to track user activity on the entire network. I'll check out Aristotle.
I think I'll check out Aristotle, too, but wanted to offer up what we're currently doing as a potential stopgap/simple solution (for at least some of the data you're after). From our SysAdmin:
So what I do now is I download the domain controller security logs to a share that has enough storage for them, then a PowerShell script runs to trim to 6 months but can be set for a year. I can open these logs at multiples through Windows Event Viewer and search the whole log set, depending on date and time needed. It's a manual way of doing it, but it doesn't cost us anything. I'm not sure if that's what he's looking for or not – let me know if you want more details...
More than happy to further discuss. Cheers,
Executive Director of IT
Poudre School District
2413 LaPorte Avenue | Fort Collins, CO 80521 office: 970-490-3180 web: www.psdschools.org
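The archive-and-trim approach described in the reply above, as an added example that is not the poster's or their SysAdmin's actual script: it exports a domain controller's Security log to a share, deletes archives past the retention window, and searches the archives for one account's logon and logoff events. The share path, file naming and function names are assumptions; it is meant to be run elevated on the domain controller by an account with write access to the share.

```powershell
# Added example. Assumptions (not from the thread): share path, file naming, function names.
param(
    [string]$ArchiveShare  = '\\fileserver\dc-logs',   # hypothetical share
    [int]   $RetentionDays = 365                       # 1 year; ~183 for six months
)

function Export-SecurityLog {
    # Export the local Security log to a timestamped .evtx file on the share.
    $name = '{0}_Security_{1:yyyyMMdd-HHmmss}.evtx' -f $env:COMPUTERNAME, (Get-Date)
    $dest = Join-Path $ArchiveShare $name
    wevtutil.exe epl Security $dest
    if ($LASTEXITCODE -ne 0) { throw "wevtutil export failed with exit code $LASTEXITCODE" }
    return $dest
}

function Remove-ExpiredArchive {
    # Trim step: delete archived logs older than the retention window.
    $cutoff = (Get-Date).AddDays(-$RetentionDays)
    Get-ChildItem -Path $ArchiveShare -Filter '*.evtx' -File |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        Remove-Item -Verbose
}

function Find-UserLogonActivity {
    # Search all archives for one account: 4624 = logon, 4634 / 4647 = logoff.
    param([Parameter(Mandatory)][string]$UserName,
          [datetime]$After = [datetime]::MinValue)
    if ($UserName -match "['""]") { throw 'Quotes are not allowed in UserName.' }
    $xpath = "*[System[(EventID=4624 or EventID=4634 or EventID=4647)]] and " +
             "*[EventData[Data[@Name='TargetUserName']='$UserName']]"
    Get-ChildItem -Path $ArchiveShare -Filter '*.evtx' -File | ForEach-Object {
        # A file with no matching events raises an error; suppress it and continue.
        Get-WinEvent -Path $_.FullName -FilterXPath $xpath -ErrorAction SilentlyContinue
    } | Where-Object { $_.TimeCreated -ge $After } | ForEach-Object {
        $evt  = $_
        $data = @{}   # flatten the event's named EventData fields into a lookup table
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            EventId   = $evt.Id
            Computer  = $evt.MachineName
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']
            SourceIp  = $data['IpAddress']
        }
    } | Sort-Object Time
}
# After dot-sourcing this file: Export-SecurityLog; Remove-ExpiredArchive
# Find-UserLogonActivity -UserName 'jdoe' -After (Get-Date).AddDays(-30)   # 'jdoe' is a constructed name
```

The retention setting only helps if exports run often enough that the live Security log does not wrap between runs, so the log's maximum size on the domain controller should be checked against the export schedule.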