Enterprise Event Log Collection/Management

[nirvana818]

I am part of an administrative team trying to manage a multiple domain architecture. I'm trying to find a solution for Event Log collection for all servers in all domains. Of course I would then like to consolidate all of the event logs into a report for daily reviewing.

Any ideas/help is greatly appreciated!

 

[Guest_imported]

look at NETIQ's Operations manager(

http://www.netiq.com)

or Microsofts MOM. It works forus.

 

[terrenc1]

Most Packages are an expensive cost per server, has anyone found any shareware to do this.

 

[MikeKap]

They don't have to be expensive or complicated to install. If I could show you a product that was simple to install (less that 30 minutes), starts collection information immediately and costs $795/server?

 

[countludwig]

you can alway's Roll your own.
I've not found one to my liking, so I wrote one
using eldump and vbscript. it collects logs from
6 servers and emails me the report daily.

ELDump to dump the logs

http://www.ibt.ku.dk/jesper/ELDump/default.htm

JMail to send it.

http://www.dimac.net/websites/dimac/website/products/FreeDownloadForm?itemId=122

vbscript to tie it all together.

http://cwashington.netreach.net/

If your really motivated you can encapsulate the whole thing
into and hta and run it manually. once we updated all the servers to w2k-sp2 the task scheduler finally became usable.

have fun.

 

[bearmirus]

Hmmm, you might want to check out the following programs as well.

Syslog Daemon -

http://www.kiwi-enterprises.com/

EventReporter -

http://www.eventreporter.com/en/

WinSyslog -

http://www.winsyslog.com/en/

Syslogdaemon -

http://www.cls.de/syslog/eindex.htm

TriAction SysLog -

http://www.triaction.nl/

MT SysLog -

http://www.mikrotik.com/download.html#syslog

So far, I favor the SysLog server from Kiwi-Enterprises. I'm using it to keep track of 15 servers and worked like a charm.

 

[NickFerrar]

I'd class $795 per server as expensive - we have around 100 servers...

 

[millstb1]

You could also roll your own using free Perl and eldump.

 

[tgd2000]

A cheap and good tool for enterprise level monitoring of eventlog's among other things is Big Brother. We have implemented it in our datacenter as a supplement to TNG and it is a big success, since it operates on a number of platforms. You can find information about it on

http://bb4.com

 

[johnny99]

We got one of our programmert to write a service that dumps the eventlogs to an SQL database.
On the SQL server we have two databases, one archive and one for review.
Review is done using a web-page and rules can automatic be applied (so most of our logentries go directly to the archive database without looking at it)
This keeps the volume down that we have to check.

I think it too him 30-40 hours to write the system and we had to pay a little for a component he nedded.

 

[luffy]

NETIQ Security Manager as it not only consolidates event logs on NT but collates security from Unix (Solaris\Linux), AS400 and VAX. This is consolidated into one screen

 

[Stiddy]

Why not have every server run a scheduled task which kicks off a batch file. The batch file would dump and compress the 3 different eventlogs into seperate files, then copy to a certral file share. That is how I do it, of course this will not create a daily logfile for you to view, but I like the sound of free better than 795 a server.

 

[johnny99]

One problem you would get that way is that it can be a problem to read the eventlogs at a central file share.

If I remember right a lot of the info that is needed to translate the eventlogs come from the software installed on the servers.

 

[Stiddy]

johnny99,

Well the utilty I was talking about to dump the eventlogs moreless, zips them into a file. One would still have to undump them, then use eventvwr to examine the files. This may not be the solution needes for this problem. I use it foe my client who requires all of the event files from all servers quarterly. Alot huh? Especially since they never even open them again once I burn them all on cd.

 

[KaiMax]

if you're using McAfee's ePolicy Orchestrator (which works for Norton as well...) there is a plug-in application that will give any kind of report on any node in your network world-wide from a browser window -- very cool. Check out

http://www.reqo.com/maestro

for details....