I'm looking for a Windows event log analyzing and monitoring software for Windows Server 2000/2003 (there are some new features in Windows Server 2008.) The feature set should include:
- real-time monitoring (alerts via email or other messages)
- definition of events/event groups which are watched
- multiple-server
- reporting (daily/weekly etc. reports)
- nice client tools
- not necessarily free or open-source, but that would be nice (of course)
Any recommendation or tip on how to implement this using standard tools?
Thanks!
I would suggest you use OSSEC. It can aggregate all the information in a single server and has a nice web interface that allows you to display the alerts.
Zenoss Core...
I use a set of custom Perl scripts. They do several things but the main one goes through the event logs of each of the servers, extracts the warnings and errors for the last 24 hours, creates an Excel spreadsheet with the results and puts that in a folder I check each morning. This way I get the interesting bits in an easy to read format.
I'm currently considering the practicality of integrating event log monitoring with Nagios. With the right kind of ignore filters (e.g. I really don't care that a print job failed) I should only receive alerts that need to be looked into. That's a fair bit of work to set up but I only need to do it once and it will make my job easier long term. Alternatively, I may have another look at Zenoss.
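The "extract the last 24 hours of warnings and errors per server, drop known noise, write a spreadsheet" step described in the answer above, as an added example in Python; it is not the poster's Perl scripts. Server names, sources, event IDs and messages in the sample are constructed, and the print-job ignore rule is a hypothetical predicate.

```python
import csv
import io
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class EventRecord:
    server: str
    time_generated: datetime
    event_type: str      # Windows event log "Type": Error, Warning, Information, ...
    source: str
    event_id: int
    message: str

# Ignore filters: predicates for noise that should never reach the morning report.
# The print-job case is the one mentioned in the thread; the rule itself is hypothetical.
IGNORE_RULES = [
    lambda e: e.source == "Print" and "failed" in e.message.lower(),
]

def daily_digest(records, now, window=timedelta(hours=24), ignore=IGNORE_RULES):
    """Return {server: [records]} of Error/Warning events inside the window, minus ignored ones."""
    cutoff = now - window
    digest = defaultdict(list)
    for rec in records:
        if rec.event_type not in ("Error", "Warning"):
            continue                      # keep only warnings and errors
        if not (cutoff <= rec.time_generated <= now):
            continue                      # outside the last 24 hours
        if any(rule(rec) for rule in ignore):
            continue                      # matches an ignore filter
        digest[rec.server].append(rec)
    return dict(digest)

def digest_to_csv(digest):
    """Render the digest as CSV text, the spreadsheet checked each morning."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["server", "time", "type", "source", "event_id", "message"])
    for server in sorted(digest):
        for rec in sorted(digest[server], key=lambda r: r.time_generated):
            writer.writerow([server, rec.time_generated.isoformat(), rec.event_type,
                             rec.source, rec.event_id, rec.message])
    return buf.getvalue()

# Constructed sample records covering each filter: kept, ignored, too old, wrong type, kept.
NOW = datetime(2009, 5, 4, 7, 0)
SAMPLE = [
    EventRecord("FS01", NOW - timedelta(hours=2), "Error", "Disk", 51, "paging error on harddisk0"),
    EventRecord("FS01", NOW - timedelta(hours=3), "Warning", "Print", 10, "print job 17 failed"),
    EventRecord("FS01", NOW - timedelta(hours=30), "Error", "Disk", 51, "paging error (too old)"),
    EventRecord("DC01", NOW - timedelta(minutes=5), "Information", "NTDS", 1, "replication ok"),
    EventRecord("DC01", NOW - timedelta(hours=1), "Warning", "W32Time", 36, "time source unreachable"),
]
```

Feeding `daily_digest(SAMPLE, NOW)` to `digest_to_csv` yields one row per surviving event, so the only things left to add for a real deployment are the per-server collector and the ignore rules that fit the environment.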
I can recommend NOT using GFI event manager. It's a huge bandwidth hog (streams entire logs over the wire repeatedly) and if you have T1 remote sites, this is a big deal. Also, it's flaky, so it requires far too much upkeep for what should be a simple solution.
SecureWorks has a solution that we will be trying. It looks pretty good.
Splunk (www.splunk.com)
Event Tracker http://www.prismmicrosys.com/eventTracker.php