Log management is an essential topic for every system administrator. In any environment with more than a couple of servers, centralized collection and management of log files is very important and significantly reduces the time spent on administering the systems. Searching through event logs on multiple servers one by one is a very time-consuming job, and quite often some important information slips through.
Solutions like System Center Operations Manager are, for some organizations, too complicated and too expensive, and in such cases it is worth looking at third-party solutions, which can be surprisingly good in quality and functionality.
Lepide, a company relatively unknown in our local market, offers a very solid solution for centralized event log management. Its Event Log Manager is focused on Windows event logs and W3C logs (the access logs of web servers), and presents a very good option for small to medium companies that need an affordable, simple and functional log management solution.
Lepide Event Log Manager is relatively undemanding and quite easy to use. You can install it on any Windows Server (every version newer than Windows 2000 is supported) or on a workstation running Windows XP or a newer OS. In addition to the log management component, it requires SQL Server on the local computer or on any other computer on the network. Fortunately, it supports SQL Server Express Edition, so you do not have to buy a license and can use the free version. Hardware requirements are minimal: the log management application can be installed on any computer with at least 2 GB of RAM and the .NET Framework installed. The installation process is very simple and consists of starting the setup procedure and answering a few simple questions. On first launch the application must be configured with a connection to SQL Server, which is a mandatory step before the software can be used. If SQL Server is installed on another computer, make sure that the SQL connection ports are open and that the account you use has privileges to create a database.
Once the database connection is configured, you can continue to work in the console. It is advisable to first create groups of the servers that are being monitored and to choose the method of collecting logs. The system can operate in agent or agent-less mode. Agent mode requires deploying agent software to the target computers, but it provides more information from the monitored computer. During the primary configuration of the software, which consists of setting the parameters for SQL Server and the mail server (optional, if you want alerts and reports sent by e-mail), you must also add the computers and servers to be monitored, optionally forming groups, and after that the system is ready for operation. After the first log collection, the administrator can start using the Event Log Manager console, which is organized into functional tabs.
The first tab, called Dashboard, is a graphical overview of the events collected in the last 15 days for some well-known services, such as Logon reporting, SQL Server reporting, the Exchange Server report and the Service Control Manager report. This tab can be used as a quick check of whether any of these critical services have had problems recently. It is useful, and it would be nice if it could be customized, but in this version the dashboard layout is fixed.
The next tab is used to manage groups. Here you create groups of computers whose logs are monitored, and you also add the individual servers and computers. Resources must be added here before their logs can be viewed in the rest of the console.
The Event Browser tab is a "giant" event viewer. Here it is possible to examine individual event logs on any PC that is monitored through Event Log Manager. Logs are sorted into groups, and within each group you can select the log source server you are interested in and get a list of logs from that source. This approach is somewhat clearer than the traditional event viewer, as logs within a group are further classified by type (e.g., within the System Log Events group there are log types such as Print Events, Hard Disk events, TCP/IP events, etc.).
The Reports tab is perhaps the most important in the whole story, because it allows a very detailed overview of the state of the systems, filtered by the types of events you are interested in. Most of the time, administrators search logs for a specific event, so a report that groups logs by event is quite useful. For example, it is possible to get a report on account lockout events in the last 7 days, or a report showing all successful or unsuccessful logins. The application already contains a few dozen pre-designed reports that can be run easily, but it is also possible to create your own custom reports. Each report can be exported in HTML or PDF format, which is a very useful feature, especially when the reports are forwarded for further review beyond the IT department. Reports can be generated manually or automatically; to run reports automatically you create an appropriate schedule object. Reports generated by a schedule are sent via e-mail, which is also a very convenient option.
As you would expect from software of this kind, options are also available to create alerts. If an event on one of the systems you track is particularly important, the software can generate an alert that notifies you by e-mail when the log records an occurrence of that event type on any of the monitored servers. E-mail is the only notification method.
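To show what the lockout and logon reports and the e-mail alert described above actually query, here is an added example using built-in PowerShell against one server (this is not Lepide's code; the server name and mail settings are placeholders):

```powershell
# Added example, not part of Lepide Event Log Manager. Queries the standard
# Windows Security log IDs: 4740 = account locked out, 4624 = logon success,
# 4625 = logon failure. $Server and the mail settings are assumed placeholders.
$Server = 'SERVER01'                 # placeholder: a monitored host
$Since  = (Get-Date).AddDays(-7)     # the "last 7 days" window from the report

# Report 1: account lockouts in the last 7 days. For event 4740 the first
# event-data field is the locked account and the second is the caller computer.
$lockouts = Get-WinEvent -ComputerName $Server -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = $Since
} -ErrorAction SilentlyContinue

$lockouts |
    Select-Object TimeCreated,
        @{ n = 'Account';        e = { $_.Properties[0].Value } },
        @{ n = 'CallerComputer'; e = { $_.Properties[1].Value } } |
    Format-Table -AutoSize

# Report 2: successful vs. failed logons, grouped by event ID
# (the "report that groups logs by event").
$logons = Get-WinEvent -ComputerName $Server -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = $Since
} -ErrorAction SilentlyContinue

$logons | Group-Object Id |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Alert: e-mail when any failed logons were recorded. SMTP host and
# addresses are placeholders to be replaced with your own mail server.
$failed = @($logons | Where-Object Id -eq 4625)
if ($failed.Count -gt 0) {
    Send-MailMessage -SmtpServer 'smtp.example.local' `
        -From 'logmonitor@example.local' -To 'admin@example.local' `
        -Subject "$($failed.Count) failed logons on $Server since $Since" `
        -Body ($failed | Select-Object TimeCreated, Message | Out-String)
}
```

Running this on a schedule reproduces, for a single host, the scheduled report and alert behaviour that Event Log Manager provides across all monitored servers from one console.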
Finally, Event Log Manager also logs its own activity. Everything you do within the software is written to its own log and is available for review through the Activity log tab in the application itself.
Event Log Manager is definitely software that deserves consideration if you need this type of service in your organization. The somewhat archaic console and some functionality that should still be added leave room for improvement, but this version is quite usable. I tested it with both Windows Server 2008 and Windows Server 2012 servers and it worked fine, although Windows Server 2012 is still not officially supported.
Event Log Manager can be purchased by subscription or licensed by the number of monitored servers; more details are available on the Lepide web site.