Event Log readers

Hi,

Just wondering what anyone else uses for event log reading?

Basically I am after a tool which works in a similar fashion to the usual Event Viewer built into Windows but with the added benefit of being able to search for keywords etc. easily.

Ideally the tool would be able to connect to a server remotely to perform this function - I certainly don’t want something that hoovers up all the logs (too many servers for that) and only needs to be used on an occasional basis.

For us, problem management and similar is an important part of our monitoring and performance investigations.


Thanks

1 Like

I am rolling out Splunk right now. Very costly, and it does it by ingest rate in a 24-hour period. It does have the ability to filter/drop events before ingest, which helps. You can also tell the system what logs to collect as well. The search functionality is awesome.

That being said, when we did the POC, we also tested Sumo Logic from Hitachi. Cloud is the only option which we tried to ignore, but it did not have all the functionality we required. For your needs it could be a winner. A lot of the same features, but cheaper.

1 Like

Your best bet would be a central syslog server, of which there are many, a few of which are …

https://www.splunk.com/

https://www.graylog.org/

https://www.elastic.co/products/logstash

https://www.manageengine.com/products/eventlog/

You mention not wanting a product to ‘hoover up’ the logs, but it would be worth it in the long run, considering the soon-to-be-announced Splunk integration with Squared UP … I can mention that, can’t I???

Or what about MS OMS?

1 Like

I’m personally a huge fan of the Elastic Stack for this. Way faster than Splunk, licensed per node rather than by volume, and free if you don’t need their X-Pack add-on features. You run a lightweight agent on every machine that forwards whichever event logs you define in its config to your Elasticsearch cluster (as granular as you want, even down to the Event ID), and from there you can do all the searching/aggregating/dashboarding you like (using Kibana and/or SquaredUp via the API). I’ve been using this myself for close to a year, and it’s been a huge win for our organization.

1 Like

You could also take a look at Honolulu

https://blogs.technet.microsoft.com/windowsserver/2017/09/22/project-honolulu-technical-preview-is-now-available-for-download/

Something from Microsoft that is free :smiley:

1 Like

Probably the cheapest method is a PowerShell script that will accept search input. The script will connect to a list of servers (imported from CSV?) and search the event logs on each. So you would end up with a script that would be called by running something like

Get-EventLogSearch -keyword "bigbang" -eventlogs "System, Application, Security" -serverlist c:\myservers.csv

Of course, cheap means slow… but great for occasional use. (I’m thinking now something like this would be useful for us.)

This website should get you started on building such a script.

http://colleenmorrow.com/2012/09/20/parsing-windows-event-logs-with-powershell/

Hope this helps!

1 Like
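To make the idea above concrete, here is an added sketch of such a function (my own illustration, not the script from the linked post nor anything from Squared Up). It assumes the CSV has a ComputerName column, that you have rights to read the logs on each server, and that remote event log access (the Remote Event Log Management firewall rule) is allowed; the keyword match is done client-side on the message text, because Get-WinEvent's hashtable filter cannot search free text.

```powershell
function Get-EventLogSearch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Keyword,
        [string[]] $EventLogs = @('System', 'Application'),
        [Parameter(Mandatory)] [string]   $ServerList,
        # Only the newest $MaxEvents per log/server are pulled before the
        # keyword filter runs, so raise this (or narrow $StartTime) for older hits.
        [int]      $MaxEvents = 1000,
        [datetime] $StartTime = (Get-Date).AddDays(-1)
    )

    # Accept either an array or a single "System, Application, Security" string.
    $logs = ($EventLogs -join ',') -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    # Assumed CSV layout (constructed example):
    #   ComputerName
    #   SERVER01
    #   SERVER02
    $servers = Import-Csv -Path $ServerList | Select-Object -ExpandProperty ComputerName

    foreach ($server in $servers) {
        foreach ($log in $logs) {
            try {
                Get-WinEvent -ComputerName $server `
                             -FilterHashtable @{ LogName = $log; StartTime = $StartTime } `
                             -MaxEvents $MaxEvents -ErrorAction Stop |
                    Where-Object { $_.Message -like "*$Keyword*" -or $_.ProviderName -like "*$Keyword*" } |
                    Select-Object @{ n = 'Server'; e = { $server } },
                                  LogName, TimeCreated, Id, LevelDisplayName, ProviderName, Message
            }
            catch {
                # "No events found" is normal for a quiet log; anything else
                # (access denied, RPC unavailable) is worth surfacing.
                if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                    Write-Warning "$server/$log : $($_.Exception.Message)"
                }
            }
        }
    }
}

# Usage, matching the call shape suggested above:
# Get-EventLogSearch -Keyword 'bigbang' -EventLogs 'System, Application, Security' -ServerList C:\myservers.csv |
#     Format-Table Server, LogName, TimeCreated, Id, Message -AutoSize
```

Pipe the output to Out-GridView for an Event Viewer-like window you can filter further, or to Export-Csv to keep a record of the investigation.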

Could you potentially surface this data in Squared Up via a Data on Demand tile?
Also, perhaps not what you’re looking for, but worth being aware of the free Log File MP from NiCE anyway - http://www.nice.de/log-file-monitoring-scom-nice-logfile-mp/

Look out for our webinar on Splunk integration next week :slight_smile:

We already use that; this is not for monitoring directly. This is for specific point-in-time investigations.

It’s not practical to hoover up 3000+ servers and every single log for occasional point-in-time searches.

They are fine where they are - on servers. Just want to be able to search them better while live and in place.

Sadly that is a little too much of ‘I know what to look for and where’. When investigating server or application issues it is not always that straightforward - we may be on a server trawling through logs and then see something that is of interest, and then want to just search results that match the same or similar keywords - remotely and in real time.

TBH the built-in Event Viewer is fine in the way it is laid out and operates - just the searching capabilities are very restricted.

This could be interesting for the future. I shall keep an eye on this tool - if it does or will include event log searches it may well prove to be what we want.

Here is a session from Ignite about the product.
https://myignite.microsoft.com/sessions/53172

It would still work - you just feed in keywords that you have found while trawling logs. It’s still remote, as you can just list all your servers in the input file. It does mean dropping to a PowerShell console to do it.

There is no search option in the logs on Honolulu. Only event filter (time, ID, source). And you still have to connect to each server to do that.