Good Windows event log analyzing/reporting tool?

I'm looking for a Windows event log analyzing and monitoring software for Windows Server 2000/2003 (there are some new features in Windows Server 2008). The feature set should include:

  • real-time monitoring (alerts via email or other messages)
  • definition of events/event groups which are watched
  • multiple-server
  • reporting (daily/weekly etc. reports)
  • nice client tools
  • not necessarily free or open-source, but that would be nice (of course)

Any recommendation or tip on how to implement this using standard tools?

Thanks!


Solution 1:

I would suggest you use OSSEC. It can aggregate all the information in a single server and has a nice web interface that allows you to display the alerts.

Solution 2:

Zenoss Core...

Solution 3:

I use a set of custom Perl scripts. They do several things, but the main one goes through the event logs of each of the servers, extracts the warnings and errors for the last 24 hours, creates an Excel spreadsheet with the results and puts that in a folder I check each morning. This way I get the interesting bits in an easy-to-read format.

I'm currently considering the practicality of integrating event log monitoring with Nagios. With the right kind of ignore filters (e.g. I really don't care that a print job failed) I should only receive alerts that need to be looked into. That's a fair bit of work to set up but I only need to do it once and it will make my job easier long term. Alternatively, I may have another look at Zenoss.
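The "extract last 24 hours of warnings and errors from each server, drop the noise, write a daily file" workflow that Solution 3 describes can be done with nothing but built-in PowerShell cmdlets. The script below is an added example, not the answerer's Perl scripts; the server names, output path, SMTP settings and the `'Print'` source name used in the ignore rule are assumptions (placeholders) to replace with your own. It uses `Get-EventLog`, which talks to the classic event log API and therefore also works against Windows 2000/2003 targets (`Get-WinEvent` needs the 2008-era eventing subsystem).

```powershell
# Added example: nightly Warning/Error digest across several servers with ignore
# filters, built-in cmdlets only. Not part of the original answer.
# ASSUMPTIONS: the account running this can read remote event logs on each server;
# $Servers, $OutDir and the Send-MailMessage parameters are placeholders;
# the Source value 'Print' is what your spooler events use (verify in your System log).

$Servers    = @('SERVER01', 'SERVER02')                    # placeholder names
$Since      = (Get-Date).AddHours(-24)                     # "last 24 hours"
$OutDir     = 'C:\EventDigests'                            # placeholder path
$ReportPath = Join-Path $OutDir ('events-{0:yyyy-MM-dd}.csv' -f (Get-Date))

# Which entry types matter per log. The Security log never carries Error/Warning;
# failed audits are the interesting entries there.
$LogTypes = @{
    'System'      = @('Error', 'Warning')
    'Application' = @('Error', 'Warning')
    'Security'    = @('FailureAudit')
}

# Ignore rules: each script block returns $true for an entry that is known noise.
# Adding a rule is one line; keep the list short and reviewed so real errors are not hidden.
$IgnoreRules = @(
    { param($e) $e.Source -eq 'Print' }                          # failed print jobs (assumed source name)
    { param($e) $e.Message -like '*PLACEHOLDER-known-benign-text*' }  # example text-match rule
)

if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

$Results = foreach ($Server in $Servers) {
    foreach ($LogName in $LogTypes.Keys) {
        try {
            $Events = Get-EventLog -ComputerName $Server -LogName $LogName `
                                   -EntryType $LogTypes[$LogName] -After $Since -ErrorAction Stop
        } catch {
            # An unreadable server/log is itself a finding; surface it instead of skipping silently.
            Write-Warning "$Server/$LogName unreadable: $($_.Exception.Message)"
            continue
        }
        foreach ($e in $Events) {
            $IsNoise = $false
            foreach ($Rule in $IgnoreRules) {
                if (& $Rule $e) { $IsNoise = $true; break }
            }
            if ($IsNoise) { continue }
            [PSCustomObject]@{
                Server  = $Server
                Log     = $LogName
                Time    = $e.TimeGenerated
                Level   = $e.EntryType
                EventID = $e.EventID
                Source  = $e.Source
                Message = ($e.Message -replace '\s+', ' ').Trim()   # one line per event for the CSV
            }
        }
    }
}

$Results | Sort-Object Time -Descending | Export-Csv -Path $ReportPath -NoTypeInformation

# Real-time-ish alerting: mail the digest only when something beyond warnings showed up.
$Serious = @($Results | Where-Object { $_.Level -eq 'Error' -or $_.Level -eq 'FailureAudit' })
if ($Serious.Count -gt 0) {
    Send-MailMessage -From 'eventlog@example.invalid' -To 'ops@example.invalid' `
                     -SmtpServer 'smtp.example.invalid' `
                     -Subject ("Event digest: {0} error/audit-failure entries" -f $Serious.Count) `
                     -Body ("Digest written to {0}`n`n{1}" -f $ReportPath, ($Serious | Format-Table -AutoSize | Out-String)) `
                     -Attachments $ReportPath
}
```

Run it from a scheduled task once a day (or more often, with a shorter `$Since` window, if you want something closer to real-time alerts). The CSV opens directly in Excel, which gives the same "check a folder each morning" result as the Perl version; the `FailureAudit` row for the Security log is the one to keep even if you trim the rest, since failed logons and privilege-use failures are what an event log reviewer most wants to see.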