Tags:




Any suggestions for Windows event log management?
November 26, 2006 10:14 PM   RSS feed for this thread Subscribe

Any suggestions for Windows event log management?

I would like a way to review and search the event logs for about 65 servers, all Windows 2000\2003, from a central location. I've been allotted a budget of $1,500 for this project but open source options are fine too. This is for a school district so we might also qualify for a discount.

I've been researching different products for a couple of weeks and so far the front runner is ManageEngine EventLog Analyzer although with so many products I'm sure I missed some. I would prefer to stay away from any products that require an agent be installed on the servers. It's also important that it's pretty intuitive and relatively easy to set up. I'm hoping that I can turn it over to one of my techs to install and configure. Does anyone have experience with a product they can either recommend or not recommend?
posted by bda1972 to technology (4 comments total) 2 users marked this as a favorite
GFI Languard Security Event Log Monitor
posted by purephase at 4:39 AM on November 27, 2006


Since open source is an option, I once had to manage a farm of about 100 Metaframe servers. It wasn't often we had to go through their event logs, but it did come up from time to time. Management didn't want to give us any funds, so what I did was:

Install NTSyslog onto each server. Another option is winlogd.

Then, setup syslog-ng on another server using MySQL as the backend. If you install Cygwin, you can run it on a Windows box and use it as a service.

Once you've got that setup, there's plenty of web interfaces for searching syslogs. It worked very well for what we needed.
posted by Spoonman at 6:26 AM on November 27, 2006


I've used EventSentry. It can take advantage of SQL Server / mySQL to centrally store, search, maintain logs. You can use a web interface or an admin console.

It's highly configurable and served my IT department well.
posted by pmbuko at 10:28 AM on November 27, 2006


Thanks for the responses. The open source option seems like it might be more work to set up. This is the case with all of the OS products I researched, but I'm not complaining. I think it's very impressive that someone made these products and distributes them for free. EventSentry is definitely gonna be one of my final choices. I like that it includes a syslog server too so I can get rid if my current one. Anytime I can combine products without losing functionality I'm happy.

For anyone reading this, I'll add another that I just found today - EventReader 2. It's a little more stripped down than the other products I looked into, but it seems to cover the basics and it's really cheap - $250 for as site license.
posted by bda1972 at 11:37 PM on November 27, 2006


« Older Recommendations for beach vaca...   |   I'm having some gnar power rel... Newer »

You are not logged in, either login or create an account to post comments



Related Questions
A Font of All Knowledge October 5, 2008
Help me learn to be the sysadmin I need to be! June 13, 2008
Transition from Windows to mixed Win/Mac May 30, 2008
Possible uses for idle XP box October 29, 2007
How well does Windows run on a Macbook? August 30, 2006