What works for daily event log monitoring?
I have 80 Windows servers in the data center. What can I use for daily event log monitoring?
Windows event log files contain a treasure trove of information on server performance and operations. But they're tedious to trawl through on a regular basis, especially when you have more than a few servers to maintain in the data center.
Windows Server sorts event logs into Application, Security and System sections and saves the event log files locally on each server by default.
There is a plethora of event log monitoring tools available, both free and paid. You'll need to decide which one best fits your needs. Whatever tool you pick, expect to do a lot of work at the beginning to clean up and remediate or ignore a lot of errors that it picks up from the log files. Once you remove the noise, what's left is a very valuable tool for maintenance and troubleshooting on Windows servers.
Here are a few options for log file monitoring, but due to the scale of offerings out there, please take this as a sampling only.
Free vs. paid log monitoring tools
At the free low-end scale, try Microsoft Windows Event Viewer's subscriptions option. You can create a central point to collect and read the event log files from multiple machines and apply filters, such as "Errors & Warnings." You can then review the collected events daily and remediate the errors. This is as simple as you can get in log monitoring, so you will miss out on real-time error alerting and on the ability to hide or ignore known errors so that only new results need attention.
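The daily "Errors & Warnings" sweep described above, done with the built-in Get-WinEvent cmdlet instead of an Event Viewer subscription, as an added example (not from the original answer). It assumes remote event log access is permitted and the caller is in the Event Log Readers group on each server; the server names and the suppression entries are placeholders you replace after your own clean-up pass.

```powershell
# Added example: daily Critical/Error/Warning sweep across several servers,
# with a suppression list for noise you have already reviewed and accepted.
# Server names below are placeholders, not real hosts.
$Servers = @('SERVER01', 'SERVER02')
$Since   = (Get-Date).AddDays(-1)

# Known-noise suppression (Provider + Event ID). Sample entries; grow this
# list as you triage recurring events, which is the "remove the noise" step.
$Suppress = @(
    @{ Provider = 'Microsoft-Windows-DistributedCOM'; Id = 10016 }
    @{ Provider = 'Microsoft-Windows-Time-Service';   Id = 134 }
)

$Filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2, 3          # 1 = Critical, 2 = Error, 3 = Warning
    StartTime = $Since
}

$Findings = foreach ($Server in $Servers) {
    try {
        Get-WinEvent -ComputerName $Server -FilterHashtable $Filter -ErrorAction Stop |
            Where-Object {
                $evt = $_
                -not ($Suppress | Where-Object {
                    $_.Provider -eq $evt.ProviderName -and $_.Id -eq $evt.Id })
            } |
            Select-Object @{ n = 'Server'; e = { $Server } }, TimeCreated, LogName,
                          LevelDisplayName, ProviderName, Id, Message
    }
    catch {
        # Get-WinEvent throws when nothing matches; treat that as a clean server.
        # Anything else (RPC unavailable, access denied) is itself a finding,
        # because a server you cannot read is a server you are not monitoring.
        if ($_.Exception.Message -notmatch 'No events were found') {
            [pscustomobject]@{
                Server = $Server; TimeCreated = (Get-Date); LogName = 'n/a'
                LevelDisplayName = 'Error'; ProviderName = 'SweepScript'; Id = 0
                Message = "Could not read event logs: $($_.Exception.Message)"
            }
        }
    }
}

# Summarise by provider and ID so recurring noise stands out and can be
# added to $Suppress after review; keep the full detail as a daily CSV.
$Findings | Group-Object ProviderName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$Findings | Export-Csv -Path ".\EventSweep-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Run it from a scheduled task on the collector host; the Security log is left out here because it is far noisier and usually needs its own filter set.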
Also free, but more feature-rich and complex, are syslog -- a standard for message logging, with many variants, builds and add-ons -- and the ELK stack, which includes Elasticsearch, Logstash and Kibana. These will collect and collate logs from the Windows Event Viewer tool as well as other sources. You can start by monitoring event logs, then collect application-specific logs from IIS, SQL or other applications from outside of Windows Event Viewer.
At the paid end, two popular examples are SolarWinds Log & Event Manager and Splunk, on-premises or as a service. These products are for the higher end of the market, and are not just plug and play.
Paid or enterprise versions of event log monitoring tools provide great amounts of information and alerting around all manner of logs, including Event Viewer logs. However, they may be too complex for a small IT team to maintain.
Look for vendors like Splunk and SolarWinds that offer demos, which will give you a feel for how the tool can help in your server environment.