  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 343
  • Last Modified:

Event Monitoring

Good morning! I'm currently working in a Windows Server environment and would like to find a solution for monitoring our event logs on some of our computers. Currently we have the monitoring set up on Small Business Server so it sends out a list of all event errors and so forth on a daily basis, which is working out great. What I'd like is to either tie the SBS monitoring into our other servers, or find a similar solution for them. The other two boxes are running Windows Server 2003 & 2008. Again, if there's something nearly identical to the SBS event reporting that'd be perfect. Thanks!
Asked by: sstoyer
 
MikeGGG commented:
There are a lot of event viewer monitors on the market. Personally, I would recommend you take a look at Network Event Viewer.
http://www.diskmonitor.com/nev/

Network Event Viewer is a network wide event log management, monitor, consolidation, auditing and reporting tool enabling System Administrators to satisfy Sarbanes-Oxley auditing requirements while proactively managing their networks.

Centralized Event Log Management
The Windows operating system and many 3rd party Windows Services and applications use the Windows Event Log system to log informational, warning, and critical information used by Network Administrators to help identify application errors. Network Event Viewer real-time monitors, consolidates and archives event logs and syslogs to SQL Server, MySQL or the file system. Administrators can automatically export consolidated logs to CSV, EVT, HTML, TXT, and XML. Network Event Viewer can optionally clear event logs once archived. Use the viewer to merge multiple logs into a single view.

Advanced Event Filtering
Powerful filtering searches through consolidated event logs and allows you to pinpoint events of interest or remove noise. Supports simple and complex regular expression filters. Selectively flag and add notes to events of interest.

Alerts, Notifications, and Actions
Supports several different alerts and actions when key events are detected. Trigger actions such as sending a fully customizable email, exporting to a file, displaying a message box, playing a sound, writing key events to a user defined database table, forwarding key events to a syslog server, displaying a system tray popup message or sending a SMS notification through an email-to-SMS gateway or service.

Automatic Report Generation
Create scheduled reports that contain events of interest from a set of computers. For example, receive a daily report that contains a list of all failed login attempts to your domain controllers for the last 24 hours. Email report content is fully customizable through our HTML email templates.

Quickly search your network for all domain controllers, servers, SQL Servers or workstations. Once identified, download or configure all at once.

Event Log Consolidation and Monitoring Templates
Configuration templates allow you to save an event log consolidation and monitoring configuration. Quickly assign configuration templates to a set of computers and logs. New computers can be automatically configured with our Active Directory Auto Configurator. When a new computer is discovered, your configuration template is assigned making log consolidation and monitoring automatic.

Other Features
Automatically archive and remove out of date entries.
Receive, consolidate, and monitor syslog messages.
Group computers by logical groups.
Display event log entry data as HEX, ASCII, or Unicode.
Automatically refreshes the current view when new entries are downloaded.
Fully customizable HTML output and email content.
Automatically archives event log repository.
Sends email notification when consolidation downloads fail.
Supports multiple Active Directory connections.
Modify Windows Event Log properties (maximum size and overwrite policy).
Supports SMTP authentication.

Enterprise Architecture
Network Event Viewer is built using a Windows Service, management interface application, and tray icon application for user interface alerts. No installation requirements on remotely managed computers. Network Event Viewer uses multi-threaded code to download and filter event logs. This format enables thousands of entries to be consolidated and filtered in seconds.

How It Works
A Windows Service is installed which enables automatic event log consolidation, monitoring, alerting, exporting, syslog forwarding, archiving, scheduled reporting, remote event log clearing, and automatic log consolidation and monitoring for newly discovered computers. The Windows Service enables all this to occur on a Windows desktop or server while the system administrator is logged off.

The viewer enables systems administrators to view a single log or merge multiple logs into a single view. Views can be filtered, sorted, and searched. Entries can be marked and now notes can be added for later analysis.

tilbard commented:
http://www.intersectalliance.com/projects/BackLogNT/index.html

Free, and quite good, if you're cheap (like my company). Pretty easy to install and configure, though it does take a bit of fine tuning.

You'd want to check out Snare Backlog and Snare Agent for Windows (and any other agent for whatever other OS' you may have).

Their pay-for version is good too. Comes boxed with the OS (Ubuntu Feisty based) and app installer rolled into one. Answer 5-10 questions (IP, password, name, etc...) and it's up and running.