Event Monitoring

Posted on 2009-04-27
Last Modified: 2012-05-06
Good morning!  I'm currently working in a Windows Server environment and would like to find a solution for monitoring our event logs on some of our computers.  Currently we have the monitoring set up on Small Business Server so it sends out a list of all event errors and so forth on a daily basis, which is working out great.  What I'd like is to either tie the SBS monitoring into our other servers, or find a similar solution for them.  The other two boxes are running Windows Server 2003 & 2008.  Again, if there's something nearly identical to the SBS event reporting that'd be perfect.  Thanks!
Question by:sstoyer
    LVL 6

    Expert Comment

    There are a lot of event viewer monitors on the market. Personally, I would recommend you take a look at Network Event Viewer.

    Network Event Viewer is a network wide event log management, monitor, consolidation, auditing and reporting tool enabling System Administrators to satisfy Sarbanes-Oxley auditing requirements while proactively managing their networks.

    Centralized Event Log Management
    The Windows operating system and many 3rd party Windows Services and applications use the Windows Event Log system to log informational, warning, and critical information used by Network Administrators to help identify application errors. Network Event Viewer real-time monitors, consolidates and archives event logs and syslogs to SQL Server, MySQL or the file system. Administrators can automatically export consolidated logs to CSV, EVT, HTML, TXT, and XML. Network Event Viewer can optionally clear event logs once archived. Use the viewer to merge multiple logs into a single view.

    Advanced Event Filtering
    Powerful filtering searches through consolidated event logs and allows you to pinpoint events of interest or remove noise. Supports simple and complex regular expression filters. Selectively flag and add notes to events of interest.

    Alerts, Notifications, and Actions
    Supports several different alerts and actions when key events are detected. Trigger actions such as sending a fully customizable email, exporting to a file, displaying a message box, playing a sound, writing key events to a user defined database table, forwarding key events to a syslog server, displaying a system tray popup message or sending a SMS notification through an email-to-SMS gateway or service.

    Automatic Report Generation
    Create scheduled reports that contain events of interest from a set of computers. For example, receive a daily report that contains a list of all failed login attempts to your domain controllers for the last 24 hours. Email report content is fully customizable through our HTML email templates.

    Quickly search your network for all domain controllers, servers, SQL Servers or workstations. Once identified, download or configure all at once.

    Event Log Consolidation and Monitoring Templates
    Configuration templates allow you to save an event log consolidation and monitoring configuration. Quickly assign configuration templates to a set of computers and logs. New computers can be automatically configured with our Active Directory Auto Configurator. When a new computer is discovered, your configuration template is assigned making log consolidation and monitoring automatic.

    Other Features
    Automatically archive and remove out of date entries.
    Receive, consolidate, and monitor syslog messages.
    Group computers by logical groups.
    Display event log entry data as HEX, ASCII, or Unicode.
    Automatically refreshes the current view when new entries are downloaded.
    Fully customizable HTML output and email content.
    Automatically archives event log repository.
    Sends email notification when consolidation downloads fail.
    Supports multiple Active Directory connections.
    Modify Windows Event Log properties (maximum size and overwrite policy)
    Supports SMTP authentication.
    Enterprise Architecture
    Network Event Viewer is built using a Windows Service, management interface application, and tray icon application for user interface alerts. No installation requirements on remotely managed computers. Network Event Viewer uses multi-threaded code to download and filter event logs. This format enables thousands of entries to be consolidated and filtered in seconds.

    How It Works
    A Windows Service is installed which enables automatic event log consolidation, monitoring, alerting, exporting, syslog forwarding, archiving, scheduled reporting, remote event log clearing, and automatic log consolidation and monitoring for newly discovered computers. The Windows Service enables all this to occur on a Windows desktop or server while the system administrator is logged off.

    The viewer enables systems administrators to view a single log or merge multiple logs into a single view. Views can be filtered, sorted, and searched. Entries can be marked and now notes can be added for later analysis.

    LVL 1

    Accepted Solution


    Free, and quite good, if you're cheap (like my company). Pretty easy to install and configure, though it does take a bit of fine tuning.

    You'd want to check out Snare Backlog and Snare Agent for Windows (and any other agent for whatever other OSes you may have).

    Their pay-for version is good too. Comes boxed with the OS (Ubuntu Feisty based) and app installer rolled into one. Answer 5-10 questions (IP, password, name, etc...) and it's up and running.
