Just wondering what anyone else uses out there for event log reading?
Basically I am after a tool which works in a similar fashion to the usual Eventviewer built into Windows but with the added benefit of being able to search for keywords etc easily.
Ideally the tool would be able to connect to a server remotely to perform this function - I certainly don’t want something that hoovers up all the logs (too many servers for that) and only needs to be used on an occasional basis.
For us, problem management and similar is an important part of our monitoring and performance investigations.
I am rolling out Splunk right now. Very costly, and it does it by ingest rate in a 24-hour period. It does have the ability to filter/drop events before ingest, which helps. You can also tell the system what logs to collect as well. The search functionality is awesome.
That being said, when we did the POC, we also tested Sumo Logic from Hitachi. Cloud is the only option which we tried to ignore, but it did not have all the functionality we required. For your needs it could be a winner. A lot of the same features, but cheaper.
You mention not wanting a product to ‘hoover up’ the logs, but it would be worth it in the long run, considering the soon to be announced Splunk integration with Squared UP … I can mention that, can’t I???
I’m personally a huge fan of the Elastic Stack for this. Way faster than Splunk, licensed per node rather than by volume, and free if you don’t need their X-Pack add-on features. You run a lightweight agent on every machine that forwards whichever event logs you define in its config to your elasticsearch cluster (as granular as you want, even down to the Event ID), and from there you can do all the searching/aggregating/dashboarding you like (using Kibana and/or SquaredUp via the API). I’ve been using this myself for close to a year, and it’s been a huge win for our organization.
Probably the cheapest method is a PowerShell script that will accept search input. The script will connect to a list of servers (imported from CSV?) and search the event logs on each. So you would end up with a script that would be called by running something like
Could you potentially surface this data in Squared Up via a Data on Demand tile?
Also, perhaps not what you’re looking for, but worth being aware of the free Log File MP from NiCE anyway - http://www.nice.de/log-file-monitoring-scom-nice-logfile-mp/
Sadly that is a little too much of ‘I know what to look for and where’. When investigating server or application issues it is not always that straightforward - we may be on a server trawling through logs and then see something that is of interest, and then want to just search results that match the same or similar key words - remotely and in real time.
TBH the built-in event viewer is fine the way it is laid out and operates - just the searching capabilities are very restricted.
This could be interesting for the future - I shall keep an eye on this tool. If it does or will include event log searches it may well prove to be what we want.
It would still work - you just feed in keywords that you have found while trawling logs. It’s still remote, as you can just list all your servers in the input file. It does mean dropping to a PowerShell console to do it.
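As an added example (not the poster's script and not Squared Up code), here is one way to build the keyword-search script the two replies above describe: it reads server names from a CSV, queries the chosen event logs on each server remotely with Get-WinEvent, and returns only records matching the supplied keywords. It assumes the CSV has a ComputerName column, the script is saved as Search-RemoteEventLog.ps1, and the running account can read event logs on the targets (Event Log Readers membership and the Remote Event Log Management firewall rule open).

```powershell
<#
  Search-RemoteEventLog.ps1 (added example, not the poster's script)
  Usage: .\Search-RemoteEventLog.ps1 -Keyword 'Kerberos','0x80090311' -Hours 48 | Format-Table -AutoSize
  Assumes: servers.csv with a 'ComputerName' column; account can read the remote event logs.
#>
param(
    [Parameter(Mandatory)] [string[]] $Keyword,          # one or more literal search terms
    [string]   $ServerList = '.\servers.csv',            # CSV listing the servers to query
    [string[]] $LogName    = @('System', 'Application'), # logs to search on each server
    [int]      $Hours      = 24,                         # look-back window
    [int]      $MaxEvents  = 2000                        # newest-N cap per log, keeps remote calls bounded
)

# Escape the keywords so they match literally, then join into one alternation pattern
$pattern = ($Keyword | ForEach-Object { [regex]::Escape($_) }) -join '|'
$since   = (Get-Date).AddHours(-$Hours)
$servers = Import-Csv -Path $ServerList | Select-Object -ExpandProperty ComputerName

foreach ($server in $servers) {
    foreach ($log in $LogName) {
        try {
            # Log name and time window are filtered on the remote side; keyword matching is done locally
            $events = Get-WinEvent -ComputerName $server -MaxEvents $MaxEvents -ErrorAction Stop `
                -FilterHashtable @{ LogName = $log; StartTime = $since }
        } catch {
            # An empty result is reported by Get-WinEvent as an error; skip it quietly
            if ($_.Exception.Message -match 'No events were found') { continue }
            Write-Warning "$server/$log : $($_.Exception.Message)"   # unreachable host, access denied, etc.
            continue
        }
        $events |
            Where-Object {
                ($_.Message -match $pattern) -or
                ($_.ProviderName -match $pattern) -or
                ("$($_.Id)" -match $pattern)
            } |
            Select-Object @{ n = 'Server'; e = { $server } }, LogName, TimeCreated, Id, LevelDisplayName, ProviderName,
                          @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }   # first line only
    }
}
```

Pipe the output to Export-Csv or Out-GridView instead of Format-Table if you want to keep or interactively filter the hits, and note that the -Hours window is what stops this from turning into the full "hoover up everything" collection the original post wanted to avoid.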