Windows Server Event Log Collection and Analysis

Does anybody know of a good tool to collect and analyse the application logs from a number of different Windows servers running on VMWare? All servers are on the same domain.

Ideally the tool would be free and open source.

Thanks


Solution 1:

Splunk is the new hot player on the market. It's a sorta-free model. A single server is free, but if you want to correlate multiple servers' logs into a single server you need to pay.

Zenoss has a much less robust log aggregator, but it works, and you can do many other things with Zenoss as well. Zenoss operates under a sorta-free model as well, but there is no limit on the free version, only a few missing features.

FWIW, I would pay for Splunk. It's that good.

Solution 2:

I use a combination of SyslogD, Snare and Splunk for my log analysis. Snare sits on the Windows server and pipes the event logs to my central syslogd logging server (which is also my Nagios server).

I then use Splunk to analyse them on the one server only, abiding by (in my eyes at least) the server license.

I have posted semi-instructions on how to do this on my blog at Central Syslog for Servers

This also takes care of my PIXes and other equipment that can redirect their logging.
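The pipeline in the answer above (a forwarding agent on each Windows server, one central syslog host, analysis on that host) is easy to prototype before committing to a product. The following is an added example, not code from the answer or from Snare, Splunk or syslogd: a small Python collector that parses RFC 3164 syslog envelopes, groups records by originating host, and flags hosts with repeated failed logons. The sample lines are constructed; the Windows payload layout (`MSWinEventLog`, log name, event ID, source, user, type, description, tab-separated) is an assumed simplification of what a Snare-style agent sends, so the field indexes would need adjusting for live data. The PIX line shows that non-Windows equipment redirected to the same syslog host is handled by the same parser.

```python
"""Minimal central-syslog collector for forwarded Windows event logs.

Added example, not code from the answer above. Line layouts are constructed:
the envelope follows RFC 3164 (<PRI>timestamp host message) and the Windows
payload is an ASSUMED simplified tab-delimited layout:
  MSWinEventLog <TAB> LogName <TAB> EventID <TAB> Source <TAB> User <TAB> Type <TAB> Description
A real Snare agent emits more fields, so adjust the indexes for live data.
"""
import re
from collections import defaultdict

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                            # PRI = facility*8 + severity
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "  # e.g. "Mar  1 10:15:01"
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
WIN_PREFIX = "MSWinEventLog\t"


def parse_syslog(line):
    """Return a record dict for one syslog line, or None if the envelope is malformed."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                                      # facility 0-23, severity 0-7
        return None
    rec = {
        "facility": pri >> 3,
        "severity": pri & 7,
        "severity_name": SEVERITY_NAMES[pri & 7],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }
    if rec["message"].startswith(WIN_PREFIX):
        fields = rec["message"].split("\t")
        # Keep a truncated Windows payload as a plain message rather than dropping it.
        if len(fields) >= 7 and fields[2].isdigit():
            rec.update({
                "win_log": fields[1],
                "win_event_id": int(fields[2]),
                "win_source": fields[3],
                "win_user": fields[4],
                "win_type": fields[5],
                "win_description": fields[6],
            })
    return rec


def collect(lines):
    """Group parsed records by originating host; return (by_host, rejected_count)."""
    by_host = defaultdict(list)
    rejected = 0
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            rejected += 1
            continue
        by_host[rec["host"]].append(rec)
    return dict(by_host), rejected


def failed_logon_hosts(by_host, threshold=3, event_id=4625):
    """Hosts with at least `threshold` Security-log events of `event_id`.

    4625 is the Windows failed-logon event ID on Vista/2008 and later
    (older servers log 529 instead, so pass event_id=529 for those)."""
    flagged = []
    for host, recs in sorted(by_host.items()):
        n = sum(1 for r in recs
                if r.get("win_log") == "Security" and r.get("win_event_id") == event_id)
        if n >= threshold:
            flagged.append(host)
    return flagged


SAMPLE_LINES = [  # constructed sample input, not captured from a real network
    "<13>Mar  1 10:15:01 winsrv01 MSWinEventLog\tSecurity\t4624\tMicrosoft-Windows-Security-Auditing\tDOMAIN\\alice\tSuccess Audit\tAn account was successfully logged on.",
    "<12>Mar  1 10:16:02 winsrv02 MSWinEventLog\tSecurity\t4625\tMicrosoft-Windows-Security-Auditing\tDOMAIN\\bob\tFailure Audit\tAn account failed to log on.",
    "<12>Mar  1 10:16:03 winsrv02 MSWinEventLog\tSecurity\t4625\tMicrosoft-Windows-Security-Auditing\tDOMAIN\\bob\tFailure Audit\tAn account failed to log on.",
    "<12>Mar  1 10:16:05 winsrv02 MSWinEventLog\tSecurity\t4625\tMicrosoft-Windows-Security-Auditing\tDOMAIN\\bob\tFailure Audit\tAn account failed to log on.",
    "<134>Mar  1 10:17:00 pix01 %PIX-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.0.0.7/51000 (192.0.2.1/51000)",
    "not a syslog line at all",
]

if __name__ == "__main__":
    by_host, rejected = collect(SAMPLE_LINES)
    for host, recs in sorted(by_host.items()):
        print(f"{host}: {len(recs)} records, worst severity "
              f"{SEVERITY_NAMES[min(r['severity'] for r in recs)]}")
    print("rejected lines:", rejected)
    print("hosts with repeated failed logons:", failed_logon_hosts(by_host))
```

Run it as a script to see the per-host summary; in a real deployment the `SAMPLE_LINES` list would be replaced by lines read from the syslog daemon's log file or a UDP/TCP listener on port 514, and the per-host grouping is what lets the central server write one file per source.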