You can roll your own, and I've done so in a previous life, but you are starting to talk about the point at where 3rd party software makes sense.
EventTracker does this. ACS does this. I'm sure Tivoli/OpenMange/etc. all have ways of doing this. From: MarvinC [mailto:[email protected]] Sent: Friday, March 06, 2009 11:47 AM To: NT System Admin Issues Subject: Re: Locating and listing event IDs Correct but my goal is to compile a list of events across a particular set of servers to help in establishing a "pattern" for recurring issues. So say I have a cluster of servers that are experiencing high CPU issues and I need to know what event ID's were common on those servers. This gives me something I can compare side by side and keeps me from having to scan through each server's log. On Fri, Mar 6, 2009 at 9:54 AM, Michael B. Smith <[email protected]> wrote: Logparser and "select unique". Or something of the same nature. I aggregate my logs, but I do so differently.looking at a single instance doesn't necessary tell you of the severity of a situation. From: MarvinC [mailto:[email protected]] Sent: Friday, March 06, 2009 9:45 AM To: NT System Admin Issues Subject: Locating and listing event IDs Anyone have a script or method for listing event IDs? With any server you're gonna have a slew of events well what I want to do is list the single instance of each event. So lets say I have 400 warning for event ID: 9646, several for event ID: 333, 50 for event ID: 1023. Well I would want to grab the following: Type Date Time Source Category Event User Computer Error 1/1/2009 12:00 Crypt32 None 8 N/A Server1 Error 2/1/2008 1:00 EXCDO General 8199 N/A Server2 So instead of seeing multiple instances of the alerts I only see the single instance. Any responses appreciated. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
