Noah,

For the Windows crowd, I have heard of little for rotating all the different kinds of application specific logs. Disclaimer, I know little about IIS web/ftp logs, but I believe those are a different animal altogether, but have their own archival/logrotation capabilities. Probably the same for SQL, vendor specific stuff, etc.

For the Windows NT/2000/XP Event logs, there are a few options. If you want to just roll over the logs, and don't care for past data, just set them to overwrite. If you want to keep older data, you'll have to find a way to script a few options using tools from the NT/2000 Resource Kits, or some free-ware tools. By no means are these ideas exhaustive, but I hope they steer you (and others) to some optional tools you can use.

With the Microsoft Resource Kits, DumpEl is a Microsoft tool to dump out the log data. It can be scheduled to occur at regular intervals. DumpEl just dumps the log data, it doesn't clear it. So you could dump the data weekly, and set the logs to overwrite and keep your log size small to trigger the overwrites, and hope you don't miss anything overwritten before the next dump cycle.

Another better, free-ware tool that does more is EventCl by MobiusWare http://www.mobiusware.com/freeware (kudos to Grant and Shane, this tool is greatly appreciated!) This tool will dump and clear the logs, so you can schedule this to regularly clear all your System, Security and Application Event logs, even remote systems, and archive them to a central repository. Of course, they are still in the native Windows Event log format (.evt) which is in binary form (to support localization through different dlls for EventViewer). That means to properly view them on a different server, you will need the dlls particular to specific applications (like Exchange, Terminal Server Edition, etc.) to decode the event error message information.

Another option is to use ActivePerl's Win32::Event and Win32::EventLog modules to read, write, extract, etc. that data into a format you desire. I do not know if either module lets you clear the log data or rotate it, but you can use other methods to do that and just use Perl to extract what you deem necessary. I imagine if you know enough about Perl, you probably could run it from a *nix station with the necessary modules loaded there, without having to use them on a NT/2K/XP station.

I am actually working on a method to take the archived files from the EventCl and use ActivePerl to parse them for historical trending, possibly to extract desired data to pump into a database for better reporting and trending analysis. A later option I might explore is to also use Perl to monitor the logs in near real time, for alerting purposes as well.

Of course, someone may suggest the vendor supplied route, but you might be better able to roll your own, and manage it more to your liking on your fee schedule :)

Steve

-----Original Message-----
From: Noah White [mailto:nwhiteat_private]
Sent: Friday, May 03, 2002 12:41 PM
To: 'loganalysisat_private'
Subject: [logs] Windows logrotation tool?

Hi,

I'm new to the Windows game and have been looking around for a tool similar to logrotate on Unix/Linux. The only one I've come across is the logrotate tool which comes with the Win32 version of Apache and that only rotates Apache logs. I looked through the list archives but didn't notice any threads on this topic.

TIA,

-Noah

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
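Added example, not part of the original message or of any tool it names: a minimal Python reader for archived .evt files, following the documented EVENTLOGRECORD layout. It shows why an archive viewed elsewhere still needs each application's message DLLs, since a record stores only the event ID and its insertion strings. It assumes a file that has not wrapped around; the sample bytes and their values are constructed.

```python
import struct
from datetime import datetime, timezone

SIGNATURE = 0x654C664C               # "LfLe", second DWORD of every record
HEADER = struct.Struct("<6I4H6I")    # 56-byte fixed part of EVENTLOGRECORD

def _wstr(buf, pos):
    """Read one NUL-terminated UTF-16LE string; return (text, next_pos)."""
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def parse_record(rec):
    (_len, _sig, recno, t_gen, _t_wr, event_id, etype, nstrings, _cat, _flags,
     _closing, str_off, _sidlen, _sidoff, _dlen, _doff) = HEADER.unpack_from(rec)
    source, pos = _wstr(rec, HEADER.size)
    computer, _ = _wstr(rec, pos)
    strings, pos = [], str_off
    for _ in range(nstrings):
        text, pos = _wstr(rec, pos)
        strings.append(text)
    # Only the ID and insertion strings are stored, never the message text.
    return {"record": recno, "time": datetime.fromtimestamp(t_gen, timezone.utc),
            "event_id": event_id & 0xFFFF, "type": etype, "source": source,
            "computer": computer, "strings": strings}

def iter_records(buf):
    """Walk a non-wrapped .evt image, skipping the 48-byte file header."""
    off = 0
    while off + 8 <= len(buf):
        length, sig = struct.unpack_from("<II", buf, off)
        if sig != SIGNATURE or length < 8 or off + length > len(buf):
            break                    # EOF record or damaged data: stop
        if length >= HEADER.size:
            yield parse_record(buf[off:off + length])
        off += length

def make_sample():  # constructed input (file header + one record), not a real log
    w = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    names, strings = w("Security") + w("HOST1"), w("alice") + w("HOST1")
    str_off, body = HEADER.size + len(names), names + strings
    body += b"\x00" * (-(HEADER.size + len(body) + 4) % 4)   # DWORD padding
    length = HEADER.size + len(body) + 4
    head = HEADER.pack(length, SIGNATURE, 1, 1020384000, 1020384000, 529, 16,
                       2, 2, 0, 0, str_off, 0, str_off, 0, str_off + len(strings))
    file_header = struct.pack("<12I", 48, SIGNATURE, 1, 1, 48, 48 + length,
                              2, 1, 0x10000, 0, 0, 48)
    return file_header + head + body + struct.pack("<I", length)
```

Calling `list(iter_records(open(path, "rb").read()))` on an archived file yields one dictionary per event, ready to load into a database for trending.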
This archive was generated by hypermail 2b30 : Fri May 03 2002 - 12:41:49 PDT