The BSD syslog Protocol (RFC 3164)
Digesting log data Part I, Part II
Forwarding Windows Events via stunnel to a UNIX/Linux syslogd
Comparison of Adiscon's Windows logging products
Performance Optimizing Syslog Server
Tina's SANS Webcast: Top Ten syslog Signs You Have Been Hacked (pdf)
A Guide to Understanding Audit in Trusted Systems
*Automated Auditing in a Windows 2000 Environment
Visual Studio Analyzer - Event Log Basics (MSDN)
An event log is a binary file where Visual Studio Analyzer stores the events it collects. This event log can be read only through the Visual Studio Analyzer user interface or programmatically through the automation model. After you create a recording filter and start recording, an event log is created automatically. Visual Studio Analyzer collects the events that your application generates into that event log. You can then pause, resume, stop recording, or play back the events in that event log.
How to Determine Audit Policies from the Registry (MS KB 246120)
Monitoring Windows NT/2000/XP/2003
Microsoft Solution for Securing Windows 2000 Server: Chapter 9 - Auditing and Intrusion Detection
Detecting Password Attacks on Windows
Miscellaneous Notes on Windows Logging
Dealing with Windows NT Event Logs. Part I, Part II.
How To Prevent Auditable Activities When Security Log Is Full (MS KB 140058)
W2K and NT Security Event Log Descriptions
Tools
The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you log in to remote systems in situations where your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.
An RFC3195 implementation for Windows (logger.zip)
Freeware syslog/tftpserver/tftpclient/ftp server (3cDaemon - 3cdv2r10.zip)
EventReporter - The NT Event Monitor
Perl script that scans NT Event Logs periodically
How to Use Logevent.exe to Log Events From a Batch File (MS KB 131008)
Log consolidation with syslog (pdf)
*Centralized syslog-ng to Mysql Installation Guide
Tuning Syslog-ng on Gentoo Linux (Big5)
Nate Campi's sample syslog-ng configuration file
Nate Campi's sample syslog-ng config for Solaris
Encrypting traffic to a remote syslog-ng server including SSL peer authentication
VBird's Linux and ADSL Private Kitchen (鳥哥的 Linux 與 ADSL 私房菜) - Understanding and Analyzing Log Files (Big5)
"Building Secure Servers With Linux" (O'Reilly and Associates) covering syslog-ng (pdf)
Socklog - System and kernel logging services
InterSect Alliance's System iNtrusion Analysis and Reporting Environment (SNARE)
Centralized Logging using Logsentry in a Large UNIX Environment (doc)
Complete Reference Guide to Creating a Remote Log Server
Configuring and using syslogd to collect logging messages on systems running Solaris 2.x
Introduction to system logging
Keeping Track of What Goes On: Part I
Know Your Enemy: II - Tracking the blackhat's moves
Extending UNIX System Logging with SHARP
Linux Event Logging for Enterprise-Class Systems (Open Source)
IPSentry - Alert - Syslog Message
Using newsyslog to rotate files containing logging messages on systems running Solaris 2.x
A shell script for rotating system logs (Spinlogs)
Checking Your System Logs with awk
Remote Syslog with MySQL and PHP
Tools
Auditing the security of an existing Solaris system can be time-consuming, and often requires on-site visits.
A GPL'ed library for RFC 3195 syslog
Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems.
Inspecting the logs produced by the Apache Web server
Performance Tuning and Monitoring
HOW TO: Configure ODBC Logging in IIS (MS KB 245243)
How To Enable IIS Logging Site Activity in Windows 2000 (MS KB 300390)
HOW TO: Configure Web Site Logging in Windows Server 2003 (MS KB 324279)
How To Use SQL Server to Analyze Web Logs (MS KB 296085)
Sample ASP Code May be Used to View Unsecured Server Files (MS KB 232449)
Showcode.asp - A lesson in Internet Security
Default permissions and user rights for IIS 6.0 (MS KB 812614)
Device Specific syslog Configurations
Tutorials and quick guides on how to configure devices to report via syslog
Robust event logging with Syslog
Logging Services Project @ Apache
EventLog module contained in the Perl libwin32 distribution parses
The most popular logfile analyser in the world
A Utility for Monitoring IPTables Logs and Reporting Port Scans - ScanAlert
Cybersafe Centrax Log Analyst Named Essential Microsoft Windows 2000 Security Utility
Intrusion Signatures from Logs
FTP
Bind
Sendmail
BMS generates statistics from your sendmail logs of rejected mail
sm.logger.pl : A Perl script that produces different details from a sendmail log
smtpstats: Brian Beecher's shell script that produces SMTP summaries based on sendmail logs.