I typically don't look at the non-security event logs unless there is a problem. I do periodically scan the security event logs to check for problems there.
I used to try and proactively monitor the event logs, but, as you've found, trying to separate the wheat from the chaff is an impossible task anymore. I think it was Mark Twain who said that law was like sausage - you should never watch either being made. I think AD and Exchange are kind of like that...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, June 15, 2004 9:22 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] Eventlog management(OT)

I have a Linux syslog server set up to centralize logging of all event viewer messages on my (30) Win2k servers via the Eventlog to Syslog utility.

My question to the group now is, how do you guys typically deal with all that info? Do you parse it with a Perl script for errors and ignore the rest, or have an email generated when a critical error occurs, or just (god forbid) go through them all each morning?

I'm the only admin here and dealing with 30 servers' logs can really eat a huge chunk of my day. Is there a better cheap (free) way to optimize this?

Thanks.

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
