  1. #1
    dcwhitworth

    Event Log Aggregator

    Can anyone recommend some software to make viewing server event logs easier? We've got quite a lot of servers now and it's a drag to check all the logs. There are some applications out there that will read server logs remotely and give a neat overview/summary. Is anyone using any of these? I'm prepared to spend a bit of money to make my life easier if required! Thanks

  2. #2

    Michael

    You should be able to view them all from MMC, local or remote. I can't see any easier way to go about it.

  3. #3

    The MMC method works fine for up to about 6 servers but once you've got more than that it's hard to see what's going on - it won't all fit on the screen.

    SCOM is the tool to collect everything about everything but might be overkill (and not sure of the price!)

    For a cheaper (ie free!) method you can use EventCombMT (download: Account Lockout and Management Tools). It's part of a pack designed to troubleshoot account lockouts and it allows you to search a range of servers for specific events (so it's handy if you want to check for a particular problem; less good if you just want to know "were there any errors").

    Also free but needing more time is writing your own scripts. The best tool to use is logparser (also free) which can connect to a machine and query the event log based on parameters you give it. A trivial example:
    Code:
    LogParser -i:evt "select recordnumber, computername, timegenerated, message, sourcename from \\maws414-01\system where eventtype=1"
    This gets data from event logs (-i:evt) and in this case reads the specified fields from the system log on machine maws414-01 with eventtype 1 (ie an error).

    As it stands, it writes it to the screen which is not much use but it can also dump it to a CSV file or (better!) a SQL database.

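    If you can use PowerShell then it becomes even easier:
    Code:
    # Start of the window: 24 hours before now
    $yesterday = (Get-Date) - (New-TimeSpan -Days 1)
    # Level 2 = Error entries in the System log since $yesterday
    Get-WinEvent -ComputerName maws414-01 -FilterHashtable @{LogName='System'; Level=2; StartTime=$yesterday}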
    This works out the time "yesterday" and then connects to the named computer. It retrieves data from the system log with "level" set to 2 (errors) which happened in the past 24 hours.

    There are loads more examples of PowerShell to read the event log in the Get-WinEvent documentation.
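
Added example, not part of the thread or written by any poster: the Get-WinEvent query from post #3 extended to loop over a list of servers and produce one summary of errors per server, log, source and event ID. The server names and the CSV path are placeholders, and querying the Application log as well as System goes beyond the original one-log query.

```powershell
# Placeholder server names; replace with your own list (or read them from a file).
$servers = 'server01', 'server02', 'server03'
$since   = (Get-Date).AddDays(-1)          # last 24 hours
$logs    = 'System', 'Application'

$events      = New-Object System.Collections.Generic.List[object]
$unreachable = New-Object System.Collections.Generic.List[object]

foreach ($server in $servers) {
    try {
        # Level 2 = Error, as in the single-server query above
        $found = Get-WinEvent -ComputerName $server -ErrorAction Stop -FilterHashtable @{
            LogName = $logs; Level = 2; StartTime = $since
        }
        $events.AddRange(@($found))
    }
    catch {
        # Get-WinEvent raises an error when nothing matches the filter.
        # That means "no errors logged", so it is not recorded as a failure.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        # Anything else (offline host, firewall, access denied) is listed separately
        # so a silent server is not mistaken for a healthy one.
        $unreachable.Add([pscustomobject]@{ Server = $server; Reason = $_.Exception.Message })
    }
}

# One row per server / log / source / event ID, with a count and the latest occurrence.
$summary = $events |
    Group-Object MachineName, LogName, ProviderName, Id |
    ForEach-Object {
        $first  = $_.Group[0]
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Server   = $first.MachineName
            Log      = $first.LogName
            Source   = $first.ProviderName
            EventId  = $first.Id
            Count    = $_.Count
            LastSeen = $latest.TimeCreated
        }
    } |
    Sort-Object Server, @{ Expression = 'Count'; Descending = $true }

if ($summary) {
    $summary | Format-Table -AutoSize
    $summary | Export-Csv -Path .\event-summary.csv -NoTypeInformation
}
if ($unreachable.Count -gt 0) { $unreachable | Format-Table -AutoSize }
```

Remote queries need an account with rights to read the logs on each server and the "Remote Event Log Management" firewall rules enabled there.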

  4. #4


    Originally posted by Michael:
    "I can't see any easier way to go about it."
    Windows Event Forwarding? It's built into Windows.

    http://blogs.technet.com/b/otto/arch...r-windows.aspx

    One of the least known yet most powerful management features to ship with Windows Vista and Windows Server 2008 is built-in Event Forwarding which enables large scale health and state monitoring of a Windows environment (assuming health and state can be determined from Windows Events - which they usually can). Not only is this feature built into the latest versions of Windows, but it's also available for down-level OSs like Windows XP SP2+ and Windows Server 2003 SP1+

  5. Thanks to Arthur from:

    Michael (14th March 2011)

  6. #5

    Michael

    Originally posted by Arthur:
    "Windows Event Forwarding? It's built into Windows."
    True, you could use that. I forgot about it as I don't use it. You'd have to manage a really large domain to make any use of it. For most schools I suspect using MMC will easily be good enough. Off the top of my head I don't know any school that uses 6 Windows DCs, for example.

  7. #6
    dcwhitworth

    Thanks for the replies. I'll have a look at some of these options. We currently use MMC but we've got over 20 servers and issues on some of the minor servers can easily go unnoticed.
