What is the best tool for capturing Windows Event Logs centrally?


Solution 1

Legacy Answer; Updates from the future below

If you already have some Linux/Unix machines in your environment and are comfortable with that format, I'd recommend using Syslog. There are a number of products that will forward your logs to a syslog server for you.

If you're just looking for log collection for legal/compliance reasons, anything will do, really.

Splunk is a fairly popular log tool (I think it's based on syslog) that can do a lot of reporting for you. If you want analytics built in, it's a good place to start evaluating. It has a limited free version, but you can pay to break out of those limitations.

You can also use Nagios to assist you with your Log Management, especially with some of the plugins and sidecar applications, but I'll warn that it's not trivial to set up.

UPDATE: If you're not afraid of scripting, there are a lot of examples of Logging Scripts at the Microsoft Script Center Repository. (Fulfilling the down-n-dirty requirement...)

UPDATE 2015: If you're not using Splunk, you should use ELK (ElasticSearch, Logstash, & Kibana) as your logging mechanism. While F/OSS like Syslog, it gives you so much more feature-wise. As far as shipping logs, you should use NXLog. It handles Windows Event Logs, and ships them as objects (viewable as JSON, which is how they're stored in ElasticSearch). While each log is slightly larger over the wire, you don't need to write long, painful, and brittle RegEx statements to parse the fields (like you do in order to make use of Syslog, or syslog-formatted logs sent to ELK).
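The "scripting" route from the first update and the "ship events as objects, not text" point from the 2015 update, as an added example that is not part of the original answer: a small pull collector in PowerShell that reads selected Security events from a list of domain controllers with Get-WinEvent and writes one JSON object per event, so whatever consumes the files (Logstash, for instance) gets named fields rather than a message to parse. The host names, the output directory and the event ID list are assumptions for the example.

```powershell
# Added example (not from the original answer). Pulls Security events from several
# domain controllers and writes them as JSON lines with the EventData fields as keys.
# Assumptions: host names, output path and event IDs below are placeholders.
# Needs PowerShell 3.0+ for ConvertTo-Json (WMF 3.0 on Windows Server 2008 R2), and the
# running account must be in Event Log Readers (or an administrator) on each target.
param(
    [string[]]$Computers = @('dc01.corp.example', 'dc02.corp.example'),  # assumed names
    [string]$OutDir      = 'C:\EventCollect',                             # assumed path
    [int[]]$EventIds     = @(4624, 4625, 4720, 4728, 4732, 4756, 1102),   # logons, account/group changes, log cleared
    [int]$MaxEvents      = 5000                                           # cap per host per run
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stateFile = Join-Path $OutDir 'bookmarks.json'

# Bookmark = highest RecordId already collected per host, so each run only fetches new events.
$bookmarks = @{}
if (Test-Path $stateFile) {
    $saved = Get-Content $stateFile -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $bookmarks[$p.Name] = [long]$p.Value }
}

foreach ($computer in $Computers) {
    $since  = if ($bookmarks.ContainsKey($computer)) { $bookmarks[$computer] } else { 0 }
    $filter = @{ LogName = 'Security'; Id = $EventIds }
    try {
        # Get-WinEvent returns newest first; MaxEvents bounds the batch on a busy DC.
        # If a DC produces more than MaxEvents new matching events between runs, raise
        # the cap or run more often, otherwise the oldest of them are skipped.
        $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
                  Where-Object { $_.RecordId -gt $since }
    } catch {
        Write-Warning "${computer}: $($_.Exception.Message)"
        continue
    }
    if (-not $events) { continue }

    $outFile = Join-Path $OutDir ("{0}-{1:yyyyMMdd}.jsonl" -f $computer, (Get-Date))
    foreach ($e in ($events | Sort-Object RecordId)) {
        # Read the event XML so named EventData fields (TargetUserName, IpAddress, ...) become JSON keys.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { if ($d.Name) { $data[$d.Name] = $d.'#text' } }
        $record = [ordered]@{
            host       = $computer
            record_id  = $e.RecordId
            event_id   = $e.Id
            time_utc   = $e.TimeCreated.ToUniversalTime().ToString('o')
            provider   = $e.ProviderName
            message    = $e.Message
            event_data = $data
        }
        ($record | ConvertTo-Json -Compress -Depth 4) | Add-Content -Path $outFile -Encoding UTF8
    }
    $bookmarks[$computer] = ($events | Measure-Object RecordId -Maximum).Maximum
}

# Persist bookmarks for the next run.
$bookmarks | ConvertTo-Json | Set-Content -Path $stateFile -Encoding UTF8
```

Run it from a scheduled task on the collecting host. It is a pull model, so the collector needs read access to every DC's Security log over RPC; the bookmark file is what keeps it from re-reading the same events on busy servers, and RecordId keeps growing even after the Security log wraps, so the bookmark stays valid across wraps.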

Solution 2

SCOM (System Center Operations Manager) or another enterprise tool just is it. Nothing else.

2008 R2 can forward events to another server out of the box, allowing central archiving, but that definitely rules out the 2003 servers.
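The out-of-the-box forwarding mentioned above is Windows Event Forwarding (the Windows Event Collector service plus WinRM). As an added example, not part of the original answer, here is a source-initiated subscription that makes the domain controllers push selected Security events to a collector; the collector name, subscription name and event ID list are assumptions for the example.

```powershell
# Added example (not from the original answer): set up a source-initiated Windows
# Event Forwarding subscription on a Windows Server 2008 R2 collector.
# Assumptions: subscription name and collector FQDN are placeholders. Run as an
# administrator on the collector.
$subscriptionName = 'DC-Security'          # assumed name
$collectorFqdn    = 'wec01.corp.example'   # assumed name, referenced in the GPO value in the note below

# 1. Enable the Windows Event Collector service and its WinRM dependency (quiet mode).
wecutil qc /q

# 2. Subscription definition. Source-initiated: the DCs connect to the collector, so the
#    collector holds no credentials for the DCs. Only members of the built-in Domain
#    Controllers group (SDDL alias DD) are accepted as sources. The query keeps logons,
#    account and group changes, and "audit log cleared" (1102); widen it as needed.
$subscriptionXml = @"
<Subscription xmlns="http://schemas.microsoft.com/2004/06/wec-subscriptions">
  <SubscriptionId>$subscriptionName</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Security events from domain controllers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching>
      <MaxItems>500</MaxItems>
      <MaxLatencyTime>30000</MaxLatencyTime>
    </Batching>
    <PushSettings>
      <Heartbeat Interval="3600000"/>
    </PushSettings>
  </Delivery>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4720 or EventID=4728 or EventID=4732 or EventID=4756 or EventID=1102)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers/>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DD)</AllowedSourceDomainComputers>
</Subscription>
"@
$xmlPath = Join-Path $env:TEMP "$subscriptionName.xml"
$subscriptionXml | Set-Content -Path $xmlPath -Encoding UTF8
wecutil cs $xmlPath

# 3. Show per-source runtime status: which DCs have checked in, when, and any errors.
wecutil gr $subscriptionName
```

On the DC side, point the machines at the collector with a GPO (Computer Configuration, Administrative Templates, Windows Components, Event Forwarding, "Configure target Subscription Manager") whose value is `Server=http://wec01.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60`, make sure WinRM is listening (`winrm quickconfig`), and add NETWORK SERVICE to the local Event Log Readers group so the forwarder can read the Security log. The HTTP transport is fine between domain members because WinRM authenticates with Kerberos and encrypts the payload; events land in the collector's ForwardedEvents log, and `wecutil gr` is the first thing to check when a DC never shows up.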

Solution 3

You may want to give Splunk a try to collect and index all these events. Splunk provides a very efficient way of visualizing and correlating data from various inputs, including Windows Event Logs.

Solution 4

phpLogCon might help you here (although it's more about reading/browsing the logs than collecting them). I've only ever used it with rsyslog, but the documentation says:

The database can be populated by MonitorWare Agent, WinSyslog or EventReporter on the Windows side and by rsyslog on the Unix/Linux side.

(It would probably be worth looking into these tools.)

Solution 5

Quick and dirty, you say? Here you go:

http://www.logmeister.com/index.shtml


Author: duffbeer703

Updated on September 17, 2022

Comments

  • duffbeer703
    duffbeer703 over 1 year

    We have a collection of about 100 Windows 2003 and Windows 2008 R2 domain controllers that I would like to start capturing Event Log data from. Many of the servers are very busy and generate large volumes of events, particularly security events that we also want to capture.

    We're currently using an enterprise/expensive monitoring solution that we're reasonably happy with for system uptime and performance statistics, but the event log monitoring component is not so good.

    I'm hoping to find something quick and dirty for this purpose if possible.

  • duffbeer703
    duffbeer703 over 13 years
    I think we'll be heading in the SCOM direction in the next couple of years. Unfortunately, we inherited a large single-label domain that isn't compatible.
  • gravyface
    gravyface over 13 years
    There's a couple of good FOSS ones too such as EVTSYS, developed by Purdue: code.google.com/p/eventlog-to-syslog
  • gWaldo
    gWaldo over 13 years
    Nice, GravyFace! +1 to you