During a webinar 16 July 2015 at noon Eastern, Randy Franklin Smith will be showing how to install and use Splunk Free and LOGbinder to start consuming audit logs from Exchange, SharePoint and SQL Server. Using our new Splunk App for LOGbinder, Randy will show how these applications’ audit logs can automatically feed into four different dashboards for a high-level view and drill-down functionality. Better yet, you can even correlate other security logs from Windows and Active Directory with those application logs! How awesome is that?

LOGbinder is sponsoring this Real Training for Free™ webinar by Ultimate Windows Security.

Register here. Watch it live and get a very special offer of LOGbinder licenses! This is a truly great deal. We want people to put application security audit information in their SIEM, so we’re putting our money where our mouth during this webinar.

Topic: Using Splunk and LOGbinder to Monitor SQL Server, SharePoint & Exchange Server.

Date & time: 16 July 2015 12:00 - 1:30 PM Eastern Time (UTC -5:00)

Can’t make the live event? Register anyway to receive a link to the recording.

When LOGbinder is first started, it must set up event sources necessary for its operation. So, in some environments and for the first run it may be necessary to start the LOGbinder application using the “Run as Administrator” option. Thereafter it should be enough to run the application as a user who is a member of the local Administrators group, but in practice we find that in some environments the user must always use "Run as administrator". Your circumstances may vary, but if the system returns a message containing “insufficient privileges for creating event source”, try the “Run as Administrator” to see if it doesn’t solve your problem.

Recently we received a trouble ticket from three customers with LOGbinder for Exchange. Two of them were large Enterprise customers. It turns out that if the version of .NET that is running on the Exchange Server, the server where LOGbinder for Exchange is installed and/or the server running the PowerShell scripts is different, the Exchange API is unable to function properly. It took some time to figure it out, but we’ve released a patch that will resolve the problem for the time being. It’s an odd problem to have, and seems to be a problem with .NET incompatibility between version 3.5 and 4.0.

We would be interested to know if you have noticed something similar in your environments where .NET 4.0 is running. Please let us know if you have experienced any .NET 4.0 incompatibility.

Security analysts all over the world are adding Splunk to their log management tool kit. We are therefore very happy to announce the public availability of our newest tool, needed by Splunk customers all over the world. We call it the Splunk App for LOGbinder. We developed this app ourselves to meet our high standard:

• It’s light-weight, simple to install, configure and run.
• We built it to consume and analyze feeds from every one of our current LOGbinder products right out of the box. That means that you can use the Splunk App for LOGbinder and see, automatically on 4 different dashboards, security audit log output from LOGbinder for Exchange, LOGbinder for SharePoint and LOGbinder for SQL Server.
• It has our Recommended Rules and Alerts intelligence for Exchange, SharePoint and SQL Server built-in so you can quickly isolate the meaningful events, or select from the entire list and even create your own set of custom event dashboard.
• Workflow action hyperlinks to a description of each Event ID via the Ultimate Windows Security Online Encyclopedia.
• Field extractions from the raw syslog
• Pre-set and customizable alerts

The app is free! You can get it from our LOGbinder and Splunk Partner page