+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Windows Thread, Monitor all event logs centrally? in Technical; I've got an issue here which I'm sure many of you also come across regularly - people get error messages ...
  1. #1

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833

    Monitor all event logs centrally?

    I've got an issue here which I'm sure many of you also come across regularly - people get error messages on their screens and then simply report the computer as being 'broken'. When quizzed about what the message said, the response ranges from 'Computer something something' to 'I dunno, I didn't look'.

    So, in an effort to reduce this issue, I've been thinking about central event logging.

    Now I realise that this is going to be a lot of logging when you consider 250 computers all reporting back to one place, but at the same time, it will save a lot of time and effort, and I have the spare capacity to handle it.

    My question is this - do any of you do this already? If so, what do you use to do it?

  2. #2
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,782
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    you can make a new MMC with event logs then link it to your remote PC. I create a new one if I need the remote error logs. of course thats only if the PC is still on line as the records will still be stored locally to that pc.

  3. #3

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    I don't really want to have to do this for all our PCs. I want a simple searchable log database with everything in.

  4. #4
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,782
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    it takes about a full minute just to filter my local event log, I couldn't imagine how large the consolidated log would become and how slow it would be to use. it'd be cool though.

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Quote Originally Posted by chazzy2501 View Post
    it takes about a full minute just to filter my local event log, I couldn't imagine how large the consolidated log would become and how slow it would be to use. it'd be cool though.
    My thought would be that the data would be imported into an SQL database, and then commands ran against that, so size wouldn't be a major issue.

  6. #6
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54
    Lansweeper can do this IIRC, you might have to buy the premium version, rather than the free version to get it though. Although it is cheap and very good indeed... Free hardware inventory and software inventory for windows networks

  7. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,950
    Thank Post
    886
    Thanked 1,697 Times in 1,475 Posts
    Blog Entries
    12
    Rep Power
    447
    Quote Originally Posted by chazzy2501 View Post
    it takes about a full minute just to filter my local event log, I couldn't imagine how large the consolidated log would become and how slow it would be to use. it'd be cool though.
    The problem would be if the machine is off you cant get it. I used to work in a split site school and that was annoying. Also the machine dies and you want to get logs it is a hard task to do.

  8. #8

    SYSMAN_MK's Avatar
    Join Date
    Sep 2005
    Posts
    4,005
    Thank Post
    489
    Thanked 1,340 Times in 728 Posts
    Rep Power
    428

  9. #9

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421
    What about something like this:

    winlogd - Windows EventLog to Syslog Service - Edoceo, Inc.

    Then you could use a syslog server to receive it.

    Ben

  10. #10


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,894
    Thank Post
    226
    Thanked 2,674 Times in 1,971 Posts
    Rep Power
    786
    A few more...


    There's also PowerShell (Get-Eventlog etc.) and WEvtUtil, but these will only work if the PC in on.

  11. #11
    RobBaxter's Avatar
    Join Date
    Jun 2011
    Location
    Baldock
    Posts
    93
    Thank Post
    8
    Thanked 21 Times in 15 Posts
    Blog Entries
    1
    Rep Power
    10
    hums .... No I just KNOW there was a huge bug of my MCITP on logging. You can set it up with log subscriptions directly to your DC.... this is something that i want to look at doing. So i will get on it asap and let you know how it goes!

  12. #12

    Join Date
    Jun 2009
    Location
    Poole
    Posts
    147
    Thank Post
    4
    Thanked 40 Times in 30 Posts
    Rep Power
    20
    I think Spiceworks can do this for you as it scans. At least there is a "number of events by day" widget so it's actually reading them as it scans your network.

  13. #13

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,170
    Thank Post
    868
    Thanked 2,698 Times in 2,288 Posts
    Blog Entries
    11
    Rep Power
    772
    This is also avalible as part of the MDOP under MVLS SA Microsoft Windows Enterprise: System Center Desktop Error Monitoring costs a little extra though.

  14. #14

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,611
    Thank Post
    1,496
    Thanked 1,051 Times in 920 Posts
    Rep Power
    303
    Quote Originally Posted by BHMS View Post
    I think Spiceworks can do this for you as it scans. At least there is a "number of events by day" widget so it's actually reading them as it scans your network.
    Indeed Spiceworks does collect them as part of its daily scans as you get some very colourful bar charts each day showing the types of log and machine groups etc and all for free

  15. #15

    Join Date
    Apr 2008
    Location
    Aigburth, Liverpool
    Posts
    156
    Thank Post
    35
    Thanked 10 Times in 10 Posts
    Rep Power
    14
    Quote Originally Posted by john View Post
    Indeed Spiceworks does collect them as part of its daily scans as you get some very colourful bar charts each day showing the types of log and machine groups etc and all for free
    Another vote for Spiceworks here. Best solution we have running on the network, and what's best is that it didn't cost us a penny. Love it.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Centrally Switch Off TVs Across Site
    By Spuddyboy in forum AV and Multimedia Related
    Replies: 3
    Last Post: 3rd April 2011, 11:50 AM
  2. Which Event ID to monitor on your Domain Controller ?
    By albertwt in forum How do you do....it?
    Replies: 1
    Last Post: 25th January 2011, 08:32 AM
  3. Multple server event log monitor?
    By Number6 in forum Windows
    Replies: 14
    Last Post: 14th April 2010, 03:47 PM
  4. Manage Windows Security Event Logs
    By JamesMason in forum Windows
    Replies: 2
    Last Post: 10th December 2009, 01:21 PM
  5. Running SIMS on centrally hosted servers
    By StevenEdgar in forum MIS Systems
    Replies: 22
    Last Post: 2nd February 2007, 11:01 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •