I struggled with this dilemma for a long time. I tried numerous event log monitoring tools and didn't really like any of them. I've come up with this solution. I run about 35 servers. Every morning, I execute a batch file that connects to the server and runs dumpevt (http://www.somarsoft.com/somarsoft_main.htm) against each server. (Install documentation is included) Here's an example of the syntax in the batch file:
    dumpevt /computer=ServerName /logfile=sec /outdir=c:\dumpevt\ServerName >>c:\dumpevt\errors.txt
    dumpevt /computer=ServerName /logfile=app /outdir=c:\dumpevt\ServerName >>c:\dumpevt\errors.txt
    dumpevt /computer=ServerName /logfile=sys /outdir=c:\dumpevt\ServerName >>c:\dumpevt\errors.txt
    dumpevt /computer=ServerName /logfile=dns /outdir=c:\dumpevt\ServerName >>c:\dumpevt\errors.txt
    dumpevt /computer=ServerName /logfile=dir /outdir=c:\dumpevt\ServerName >>c:\dumpevt\errors.txt
    dumpevt /computer=ServerName /logfile=rp  /outdir=c:\dumpevt\ServerName >>c:\dumpevt\errors.txt

Replace ServerName with the name of the server you want to check. That creates a set of files with a .tmp extension that correlate to each log on each server.

I then use Windows Grep (http://www.wingrep.com) to parse the .tmp files. I set up three filters to search for "error", "warning", or "failure". That gives me a display that shows the matching strings for each server.

What's really cool about Dumpevt is that it keeps an Access DB of what it has checked before, so each time you run it, it starts where it left off the last time.

So every morning at about 6, I run the batch file. It takes about 10 minutes to run from my workstation across my VPN connection (I work from home in the AM). Once done, I fire up Windows Grep and execute my saved search strings. It takes about 10 seconds to parse all the files, and then it takes me about 10 minutes to read through all the found events.

What I like about this is that I see a lot of the same events over and over. Many of them are noise, but when I see something out of the ordinary, it stands out like a sore thumb. For my size organization, it was the most elegant solution I could find. Let me know if you need more info...
**********************
Charlie Kaiser
MCSE, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************

> -----Original Message-----
> From: Kern, Tom [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 03, 2004 7:01 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] event logs
>
> Hi, I'm one admin in charge of about 30 servers (AD, Exchange, SQL, etc.). Does anyone know of a good cheap (free) way to monitor event logs without having to term or connect to each server?
> I was thinking of a Perl script, maybe via MS SQL or MySQL, to send event errors or warnings to a centralized DB or file.
> I find I spend about an hour or more of my morning monitoring and checking logs, and I thought I'd use a PC to actually help me and do what it was meant to do: boring, tedious tasks.
> How do you guys do it on this list?
>
> Thanks
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
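The triage step described in the reply above (three saved searches for "error", "warning" and "failure" over per-server dump files, with the same events showing up every morning as noise) can be scripted so the familiar repeats are counted and set aside and only the unfamiliar events are surfaced. The following Python is an added example, not code from the original post, from Somarsoft or from Windows Grep. The tab-separated column layout it parses (date, time, source, type, event ID, message) and the sample lines for two servers are constructed for this example; the real dumpevt output format differs, so the column positions and the KNOWN_NOISE list are assumptions to adjust for your own files.

```python
import re
from collections import Counter

# Constructed sample of what two per-server dump files might contain.
# The column layout (date TAB time TAB source TAB type TAB event id TAB message)
# is an assumption for this example, not the real dumpevt format.
SAMPLE_DUMPS = {
    "DC1": "\n".join([
        "2004/06/04\t05:58:10\tSecurity\tFailure Audit\t529\tLogon Failure: Unknown user name or bad password",
        "2004/06/04\t05:58:12\tSecurity\tSuccess Audit\t528\tSuccessful Logon",
        "2004/06/04\t05:59:00\tW32Time\tWarning\t36\tThe time service has not been able to synchronize the system time",
        "2004/06/04\t06:00:30\tSecurity\tFailure Audit\t529\tLogon Failure: Unknown user name or bad password",
    ]),
    "EX1": "\n".join([
        "2004/06/04\t05:50:00\tMSExchangeIS\tInformation\t1001\tInformation Store started",
        "2004/06/04\t05:51:00\tDisk\tError\t11\tThe driver detected a controller error on \\Device\\Harddisk0",
    ]),
}

# The three saved searches from the post, applied case-insensitively to each line.
FILTERS = ("error", "warning", "failure")
FILTER_RE = re.compile("|".join(FILTERS), re.IGNORECASE)

# (source, event id) pairs that are seen every morning and are known noise.
# Assumed for this example; build your own list from what repeats in your dumps.
KNOWN_NOISE = {("W32Time", "36")}


def scan_dump(server, text):
    """Return (server, source, event_id, message) for every line hit by a filter."""
    hits = []
    for line in text.splitlines():
        if not FILTER_RE.search(line):
            continue
        cols = line.split("\t")
        if len(cols) < 6:
            continue  # line does not fit the assumed layout; skip rather than guess
        hits.append((server, cols[2], cols[4], cols[5]))
    return hits


def scan_all(dumps):
    """Run scan_dump over a {server: dump text} mapping and pool the hits."""
    hits = []
    for server, text in dumps.items():
        hits.extend(scan_dump(server, text))
    return hits


def triage(hits, known_noise=KNOWN_NOISE):
    """Count repeats per (server, source, event id) and split known noise
    from events that should stand out. Each entry is
    (server, source, event_id, count, first message)."""
    counts = Counter((s, src, eid) for s, src, eid, _ in hits)
    noise, notable = [], []
    for (server, src, eid), n in sorted(counts.items()):
        msg = next(m for s, so, e, m in hits if (s, so, e) == (server, src, eid))
        entry = (server, src, eid, n, msg)
        (noise if (src, eid) in known_noise else notable).append(entry)
    return notable, noise


def report(dumps):
    """Produce the morning read-through as text: notable events first, noise after."""
    notable, noise = triage(scan_all(dumps))
    lines = ["NOTABLE"]
    lines += [f"{s:<6} {src:<14} {eid:>5} x{n:<3} {msg}" for s, src, eid, n, msg in notable]
    lines.append("KNOWN NOISE")
    lines += [f"{s:<6} {src:<14} {eid:>5} x{n:<3} {msg}" for s, src, eid, n, msg in noise]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_DUMPS))
```

In practice the dumps dictionary would be filled by reading each c:\dumpevt\ServerName\*.tmp file, and the KNOWN_NOISE set grows as the operator decides which repeating events are safe to fold away; anything not on that list is printed first so it still stands out.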
