Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Looking for centralise Event Log Monitoring

Status
Not open for further replies.
PaulThomas

PaulThomas

MIS
Apr 3, 2002
18
GB
We are running a Active Directory Domain with 20 W2K servers and 200 Windows XP Workstations.

I would like to be able to centralise the monitoring of the event logs on the servers and possibly the workstations.
I need to be alerted when an account becomes locked and report on how many attempts the user has made to logon on and where from, when etc.
All of this information is currently in the server event logs but I don't wan't to have to visit each server to find it.

Can anyone recommend a good solution to this ?
 
Sort by date Sort by votes
Thanks Jolesen.

This solution looks quite expensive and would be very difficult for me to justify.

What are people using out there ?

Are there any lower cost solutions ?
 
Upvote 0 Downvote
Use MMC. Add snap-in of event viewer for different server.
 
Upvote 0 Downvote
I've been looking into this myself and haven't really found anything free/cheap that does the job. I'm going to be evaluating Microsoft Operations Manager and NetIQ AppManager shortly but they aren't cheap. I think we'll probably go with MOM although that's a bit overkill for what we want (I don't really want automated 'fixes' to alerts), AppManager has even more features but most of them would be unnecessary for us.
 
Upvote 0 Downvote
I am particularly keen to be able to set up both a searchable centralised event viewer plus alerting.

I work in a fairly high security company, if a user account becomes locked we need to know about it and also why it became locked, at the moment I have to trawl through the event logs on each Domain Controller (We are running Active Driectory).
I would be far easier to get an e-mail showing th elocked account and then filter the events in a central database to show all attempts on that account.

I don't need extra options in event viewer as all of the required info is already there, it is just spread accross a number of Domain Controllers.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
226
gbaughma
gbaughma
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
375
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
199
mangentle
mangentle
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
216
fightaccording
fightaccording
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
108
RRankin355
RRankin355

Part and Inventory Search

Sponsor

Back
Top