Just wondering what anyone else uses out there for event log reading?
Basically I am after a tool which works in a similar fashion to the usual Eventviewer built into Windows but with the added benefit of being able to search for keywords etc easily.
Ideally the tool would be able to connect to a server remotely to perform this function – I certainly don’t want something that hoovers up all the logs (too many servers for that) and only needs to be used on an occasional basis.
For us, problem management and similar is an important part of our monitoring and performance investigations.
I’m personally a huge fan of the Elastic Stack for this. Way faster than Splunk, licensed per node rather than by volume, and free if you don’t need their X-Pack add-on features. You run a lightweight agent on every machine that forwards whichever event logs you define in its config to your elasticsearch cluster (as granular as you want, even down to the Event ID), and from there you can do all the searching/aggregating/dashboarding you like (using Kibana and/or SquaredUp via the API). I’ve been using this myself for close to a year, and it’s been a huge win for our organization.
I am rolling out Splunk right now. Very costly and it does it by ingest rate in a 24-hour period. It does have the ability to filter/drop events before ingest which helps. You can also tell the system what logs to collect as well. The search functionality is awesome.
That being said, when we did the POC, we also tested Sumo Logic from Hitachi. Cloud is the only option which we tried to ignore, but it did not have all the functionality we required. For your needs it could be a winner. A lot of the same features, but cheaper.
Your best bet would be a central syslog server, of which there are many, a few of which are …
You mention not wanting a product to ‘hoover up’ the logs, but it would be worth it in the long run, considering the soon to be announced Splunk integration with Squared UP …. I can mention that, can’t I???
Or what about MS OMS?
You could also take a look at Honolulu
Something from Microsoft that is free 😀
Probably the cheapest method is a PowerShell script that will accept search input. The script will connect to a list of servers (imported from CSV?) and search the event logs on each. So you would end up with a script that would be called by running something like
Get-EventLogSearch -keyword "bigbang" -eventlogs "System, Application, Security" -serverlist c:\myservers.csv
Of course, cheap means slow… but great for occasional use. (I’m thinking now something like this would be useful for us.)
This website should get you started on building such a script.
Hope this helps!
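As an added example of the script shape sketched in the post above (this is not code from the thread or from any of the products mentioned), here is a Get-EventLogSearch function that reads a server list from a CSV, queries the chosen logs on each server remotely with the built-in Get-WinEvent cmdlet, and returns only events whose message contains the keyword. The cmdlet name, the parameter names, the assumed CSV column "ComputerName" and the sample keyword are all assumptions made for the example; the only log that is filtered server-side is by log name, start time and optional Event ID, because the Windows event log API cannot do a free-text search, so the keyword match happens after the events come back.

```powershell
function Get-EventLogSearch {
    [CmdletBinding()]
    param(
        # Text to look for anywhere in the event message (matched literally, not as a wildcard)
        [Parameter(Mandatory)] [string]$Keyword,
        # Logs to query; Security normally needs local admin rights on the target
        [string[]]$EventLogs = @('System', 'Application'),
        # CSV path; assumed to have a column named "ComputerName" (assumption for this example)
        [Parameter(Mandatory)] [string]$ServerList,
        # Optional Event ID filter, applied server-side to cut the volume pulled over the wire
        [int[]]$EventId,
        # Only look this far back; keeps an occasional search from walking the whole log
        [datetime]$StartTime = (Get-Date).AddDays(-1),
        # Cap per server; note the cap applies before the keyword filter, so raise it if a
        # busy log pushes the events you want beyond the newest $MaxEvents
        [int]$MaxEvents = 2000
    )

    $servers = Import-Csv -Path $ServerList | Select-Object -ExpandProperty ComputerName
    # Escape *, ? and [ so a keyword like "disk[0]" is searched for literally
    $pattern = '*' + [WildcardPattern]::Escape($Keyword) + '*'

    foreach ($server in $servers) {
        $filter = @{ LogName = $EventLogs; StartTime = $StartTime }
        if ($EventId) { $filter['Id'] = $EventId }

        try {
            Get-WinEvent -ComputerName $server -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
                Where-Object { $_.Message -like $pattern } |
                Select-Object @{ n = 'Computer'; e = { $server } },
                              TimeCreated, LogName, Id, ProviderName, LevelDisplayName,
                              # First line of the message is enough for a results table
                              @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }
        }
        catch {
            # "No events were found" is an error for Get-WinEvent; treat it as an empty result
            if ($_.Exception.Message -like 'No events were found*') { continue }
            Write-Warning "$server : $($_.Exception.Message)"
        }
    }
}

# Example call with the post's parameters (myservers.csv is a constructed input for the example):
# Get-EventLogSearch -Keyword "bigbang" -EventLogs System, Application, Security -ServerList C:\myservers.csv |
#     Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

Get-WinEvent -ComputerName talks to the remote Event Log service over RPC, so it needs the "Remote Event Log Management" firewall rule open on the targets and an account with read rights on the logs queried; where only WinRM is allowed, the same body can be run inside Invoke-Command -ComputerName instead. Passing -EventId whenever you know the IDs you care about is the single biggest speed-up, because it is the one filter the server applies before anything is sent back.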