Good Windows event log analyzing/reporting tool?
I'm looking for a Windows eventlog analyzing and monitoring software for Windows Server 2000/2003 (there are some new features in Windows Server 2008.) The feature set should include:
- real-time monitoring (alerts via email or other messages)
- definition of events/event groups which are watched
- multiple-server
- reporting (daily/weekly etc. reports)
- nice client tools
- not necessarily free or open-source, but that would be nice (of course)
Any recommendation or tip how to implement this using standard tools?
Thanks!
Solution 1:
I would suggest you use OSSEC. It can agregate all the information in a single server and has a nice web interface that allows you to display the alerts.
Solution 2:
Zenoss Core...
Solution 3:
I use a set of custom Perl scripts. They do several things but the main one goes through the event logs of each of the servers, extracts the warnings and errors for the last 24 hours, creates an Excel spreadsheet with the results and puts that in a folder I check each morning. This way I get the interesting bits in an easy to read format.
I'm currently considering the practicality of integrating event log monitoring with Nagios. With the right kind of ignore filters (e.g. I really don't care that a print job failed) I should only receive alerts that need to be looked into. That's a fair bit of work to set up but I only need to do it once and it will make my job easier long term. Alternatively, I may have another look at Zenoss.