Does anybody have an idea how efficient the Windows event log is?

I have a scenario where many events could be logged every minute.

Is the Windows event log well optimized to handle a large number of events?

Would it be comparable to SQL Server, for example, in terms of performance?

And lastly, is it possible to make the logs go to a database?


Solution 1:

The Windows event log is robust enough to handle many events per second, so depending on how many events you are talking about (100 compared to 100000) per minute and what exactly you need to do with the data would depend on if I would use the event log or not. If I just need to use it for troubleshooting, the event log is pretty good for that, but if I need to analyze the data I always end up putting it in a database or pulling it out of the event log and parsing it. There are some tools for this, but it is an unneeded step if you can go directly to a database.

I am not sure on the exact specifications, but for lighter record insertion the event log should consume fewer resources than running a local SQL Server. In terms of performance I would say SQL Server would be a much better bet than the event log. I believe the event log is also stored in memory.

Keep in mind that the event log is also limited in size. If you need to retain a lot of logs, you are going to need to run automated scripts to export this and ensure you have the event log settings correct so you don't lose information. If the event log is at its maximum size, no logs will be retained until it is cleared.

Event logs can be logged to a database or syslog, but honestly, I wouldn't recommend that.

I would recommend you weigh your options, but if you are talking about heavy transactions, consider a database.
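
An added example, not part of the original answer: one way to script the size check and export mentioned above, using `Get-WinEvent -ListLog` and `wevtutil epl`. What a log does when it reaches its limit depends on its retention mode, which the script reports. The log names, the archive path and the 80% threshold are assumptions.

```powershell
# Added example. Log names, archive path and threshold are assumptions.
# Run elevated: reading and exporting the Security log needs administrator rights.
param(
    [string[]]$LogName     = @('Application', 'System', 'Security'),
    [string]  $ArchiveDir  = 'C:\EventLogArchive',   # hypothetical path
    [int]     $WarnPercent = 80                      # assumed threshold
)

New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($name in $LogName) {
    # EventLogConfiguration exposes the size limit and the retention mode.
    $log = Get-WinEvent -ListLog $name -ErrorAction Stop

    $usedPct = 0
    if ($log.MaximumSizeInBytes -gt 0 -and $log.FileSize) {
        $usedPct = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
    }

    # Report the settings that decide whether events can be lost.
    [pscustomobject]@{
        Log         = $log.LogName
        Mode        = $log.LogMode        # Circular, AutoBackup or Retain
        MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        UsedPercent = $usedPct
        Records     = $log.RecordCount
        IsFull      = $log.IsLogFull
    }

    if ($usedPct -ge $WarnPercent -or $log.IsLogFull) {
        # Channel names may contain '/', which is not valid in a file name.
        $safe = $name -replace '[\\/]', '_'
        $dest = Join-Path $ArchiveDir "$safe-$stamp.evtx"

        # 'epl' (export-log) copies the events to an .evtx file without clearing the log.
        wevtutil.exe epl $name $dest
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Export of '$name' failed (exit code $LASTEXITCODE)."
        } else {
            Write-Warning "'$name' is at $usedPct% of its limit; archived to $dest."
        }
    }
}
```

Run it from a scheduled task at an interval shorter than the time the busiest log takes to fill; the size limit itself can be raised with `wevtutil sl <log> /ms:<bytes>`.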