  1. #1

    What Event Log Management Tool do you use?

    I'm looking into a few solutions to centrally manage our Event Logs...

    I've been looking at Spiceworks... It's OK but produces very basic reports: but it is free.

    Then there's ManageEngine EventLog Analyzer 5, it's a nice solution... bit pricey
    Single Installation License Fee For 10 Host Pack: $995

    Is there any other software which is worth a look?

    Cheers

    DK

  2. #2

    Ric_
    There's numerous tools for outputting Event Logs to a syslog server. There's then tools to analyse the syslog. I don't know any names off the top of my head but I'm sure Google can help.

  3. #3

    Quote, originally posted by Ric_:
    There's numerous tools for outputting Event Logs to a syslog server. There's then tools to analyse the syslog. I don't know any names off the top of my head but I'm sure Google can help.
    I've tried Google and found other Event Log Managers, the two I mentioned above are the front runners from my web trawling... I was just wondering if Google had missed some...

  4. #4

    Ric_
    A quick Google for me turned up Syslog - Eventlog - Event Log Wiki which may help - it won't be an integrated solution but it shouldn't be difficult to implement.

    If you use a syslog-based solution, you can point network devices there too (e.g. printers) so you will get all your messages in one place.

  5. #5

    Geoff
    If your syslog server is a Linux machine, I suggest you have a look at Logwatch. It's what I use here.

  6. #6

    Take a look at Microsoft's log parser - can scan just about any kind of log (including event logs!) and pull out just the bits you want (eg just errors). You can then stick that data wherever you want (eg a SQL database) and work with it there.

    It's also free :-)

  7. #7

    FN-GM
    I use event viewer

  8. #8

    Michael
    I use Event Viewer too and using MMC you can view any machine event log remotely. You could also in theory create a MMC Snap-in of all event logs of your machines on the network. This would then centralise everything in one area.

  9. #9

    The downside of using event viewer is that you have to do something to find out what's going on - you don't get things sent to you when there's a problem.

    This might be fine if you only have a few servers but once you get more than a few you really want something which at least summarises errors if not actively alerts you when things are going wrong.

  10. #10

    Michael
    I believe Windows Server 2008 does allow you to be sent mail to alert you of particular problems. Alternatively applications like WSUS and Sophos have built in solutions to alert you of activity/problems.

  11. #11
    steve
    I always fancied trying GFi EventsManager just never managed to get round to it.

    Available from Pugh, not the cheapest solution though.

  12. #12

    Guess it depends what you mean by "manage".

    I had a scenario where I only wanted an account to be e-mailed Win 2K & 2K3 server events that were uhh.. events I'm interested in and on reflection, being told once a day was quite enough (which conveniently allows you to have things like just one e-mail for 27,000 identical overnight error events). So a key point was decent-ish customisable filtering.

    Next attribute was free <-> very cheap, because I had quite a lot of servers in mind. Looked far and wide, there was a reasonably good one (don't have name to hand) but it was a bit too far over very-cheap. So I just ended up writing it, and because it's me that's a CL-util you schedule and the config changes are done by text-editing a reg file of target logs, event filter rules etc.

    Then it took a couple of *months* of events arriving and a fair amount of event research before I arrived at a filter set that did a pretty good job of filtering out the chaff-on-those-servers-according-to-me[tm] and it's still a work in progress. I'd have had to do the same with all the commercial products I found though - and I'm not sure I'd bother with this stuff for say less than 10 servers.

    PS: One thing that fell out of this I wasn't expecting until I got hindsight, was the relative fragility of event logs. The app knew perfectly well where it was at last time, but I ended up making it scan an entire event log every time in order to detect corruption.
    Last edited by PiqueABoo; 9th April 2008 at 12:14 AM. Reason: PS
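
Added example, not PiqueABoo's tool and not code from any post in this thread: a Python sketch of the once-a-day digest described in post #12, which drops filtered chaff, collapses identical events into one counted line, and rescans the whole log on every run. The sample events, the filter rules and the use of record-number gaps as a sign of a damaged log are assumptions made for illustration.

```python
from collections import Counter, namedtuple

Event = namedtuple("Event", "record source event_id level message")

# Hypothetical filter rules: levels worth reporting, and (source, event ID)
# pairs judged to be chaff on these servers.
REPORT_LEVELS = {"Error", "Warning"}
SUPPRESS = {("W32Time", 36)}

def sample_events():
    """Constructed records standing in for one server's System log."""
    events = [
        Event(1, "W32Time", 36, "Warning", "Time sync overdue"),
        Event(2, "Print", 10, "Information", "Document printed"),
    ]
    # One fault repeating all night: 27,000 identical error events.
    events += [Event(n, "Disk", 7, "Error", "Bad block on Harddisk1")
               for n in range(3, 27003)]
    # Record 27003 is deliberately missing to simulate a damaged log.
    events.append(Event(27004, "Service Control Manager", 7031, "Error",
                        "Spooler service terminated unexpectedly"))
    return events

def record_gaps(events):
    """Scan every record and return (before, after) pairs where numbering jumps."""
    nums = sorted(e.record for e in events)
    return [(a, b) for a, b in zip(nums, nums[1:]) if b != a + 1]

def build_digest(events):
    """Return digest lines: one per distinct event, most frequent first."""
    kept = [e for e in events
            if e.level in REPORT_LEVELS
            and (e.source, e.event_id) not in SUPPRESS]
    counts = Counter((e.source, e.event_id, e.level, e.message) for e in kept)
    lines = [f"{n:>6} x {level} {source}/{eid}: {msg}"
             for (source, eid, level, msg), n in counts.most_common()]
    for before, after in record_gaps(events):
        lines.append(f"WARNING: record numbers jump from {before} to {after}")
    return lines

if __name__ == "__main__":
    print("\n".join(build_digest(sample_events())))
```
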

  13. #13

    We use this little baby...

    PA Server Monitor Free Edition

    We got a free upgrade to the lite version by posting a tiny hidden link on our school website for a month or so..

    Scans the event logs of our 7 Windows servers and emails the admin group whenever an error event crops up. We also use it for disk space checking as well..

    It does a whole lot more than that. Great value tool for what it costs :-)
