To keep this thread going, I'll add in my two cents on this:

I've just loaded BackLog (http://www.intersectalliance.com/projects/BackLogNT/index.html) to all of my production servers, and am currently using the freeware version of the Kiwi syslog server (http://www.kiwisyslog.com/index.htm) to collect all of the event logs centrally. As soon as the PO goes through, I'm going to have the US$69.00 full version of the Kiwi software installed and using its ODBC capabilities to stuff all of that data into my MSSQLServer machine, for lots of reporting.

For the IIS/SMTP/FTP logs, I'm still looking, but am hoping that Analog will provide what I need.

| -----Original Message-----
| From: Richardson, Stephan [mailto:stericat_private]
| Sent: Friday, May 03, 2002 12:10
| To: 'loganalysisat_private'
| Cc: 'Noah White'
| Subject: RE: [logs] Windows logrotation tool?
|
| Noah,
|
| For the Windows crowd, I have heard of little for rotating all the
| different kinds of application specific logs. Disclaimer, I know little
| about IIS web/ftp logs, but I believe those are a different animal
| altogether, but have their own archival/logrotation capabilities.
| Probably the same for SQL, vendor specific stuff, etc.
|
| For the Windows NT/2000/XP Event logs, there are a few options. If you
| want to just roll over the logs, and don't care for past data, just set
| them to overwrite. If you want to keep older data, you'll have to find a
| way to script a few options using tools from the NT/2000 Resource Kits,
| or some free-ware tools. By no means are these ideas exhaustive, but I
| hope they steer you (and others) to some optional tools you can use.
|
| With the Microsoft Resource Kits, DumpEl is a Microsoft tool to dump out
| the log data. It can be scheduled to occur at regular intervals. DumpEl
| just dumps the log data, it doesn't clear it. So you could dump the data
| weekly, and set the logs to overwrite and keep your log size small to
| trigger the overwrites, and hope you don't miss anything overwritten
| before the next dump cycle.
|
| Another better, free-ware tool that does more is EventCl by MobiusWare
| http://www.mobiusware.com/freeware (kudos to Grant and Shane, this tool
| is greatly appreciated!) This tool will dump and clear the logs, so you
| can schedule this to regularly clear all your System, Security and
| Application Event logs, even remote systems, and archive them to a
| central repository. Of course, they are still in the native Windows
| Event log format (.evt) which is in binary form (to support localization
| through different dlls for EventViewer). That means to properly view
| them on a different server, you will need the dlls particular to
| specific applications (like Exchange, Terminal Server Edition, etc.) to
| decode the event error message information.
|
| Another option is to use ActivePerl's Win32::Event and Win32::EventLog
| modules to read, write, extract, etc. that data into a format you
| desire. I do not know if either module lets you clear the log data or
| rotate it, but you can use other methods to do that and just use Perl to
| extract what you deem necessary. I imagine if you know enough about
| Perl, you probably could run it from a *nix station with the necessary
| modules loaded there, without having to use them on a NT/2K/XP station.
|
| I am actually working on a method to take the archived files from the
| EventCl and use ActivePerl to parse them for historical trending,
| possibly to extract desired data to pump into a database for better
| reporting and trending analysis. A later option I might explore is to
| also use Perl to monitor the logs in near real time, for alerting
| purposes as well. Of course, someone may suggest the vendor supplied
| route, but you might be better able to roll your own, and manage it more
| to your liking on your fee schedule :)
|
| Steve
|
|
| -----Original Message-----
| From: Noah White [mailto:nwhiteat_private]
| Sent: Friday, May 03, 2002 12:41 PM
| To: 'loganalysisat_private'
| Subject: [logs] Windows logrotation tool?
|
|
| Hi,
|
| I'm new to the Windows game and have been looking around for a tool
| similar to logrotate on Unix/Linux. The only one I've come across is the
| logrotate tool which comes with the Win32 version of Apache and that
| only rotates Apache logs.
|
| I looked through the list archives but didn't notice any threads on this
| topic.
|
| TIA,
|
| -Noah
|
| ---------------------------------------------------------------------
| To unsubscribe, e-mail: loganalysis-unsubscribeat_private
| For additional commands, e-mail: loganalysis-helpat_private
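
Added example, not part of the original thread: a Python sketch of reading archived `.evt` files off-box and checking their record numbers for gaps, which is how events overwritten between dump cycles would show up. It assumes the documented `EVENTLOGRECORD` layout and a linear (non-wrapped) archive; the function names and the sample bytes are constructed for illustration, and only the raw insertion strings are recovered, since the message text still needs the application DLLs mentioned above.

```python
import struct
SIG = 0x654C664C                  # "LfLe": marks the file header and every record
FIXED = struct.Struct("<6I4H6I")  # 56-byte fixed part of EVENTLOGRECORD

def _wstr(buf, pos):  # NUL-terminated UTF-16LE string -> (text, offset after it)
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def parse_records(buf):
    """Walk a linear (non-wrapped) .evt image and return its records."""
    recs, pos = [], 0
    while pos + 8 <= len(buf):
        length, sig = struct.unpack_from("<II", buf, pos)
        if sig != SIG or length < 8 or pos + length > len(buf):
            break                 # EOF marker, corruption or truncation
        if length >= FIXED.size:  # a shorter block is the 0x30-byte file header
            f = FIXED.unpack_from(buf, pos)
            source, nxt = _wstr(buf, pos + FIXED.size)
            computer, _ = _wstr(buf, nxt)
            strings, s = [], pos + f[11]   # f[11] = StringOffset
            for _ in range(f[7]):          # f[7] = NumStrings
                text, s = _wstr(buf, s)
                strings.append(text)
            recs.append({"record": f[2], "written": f[4], "event_id": f[5] & 0xFFFF,
                         "source": source, "computer": computer, "strings": strings})
        pos += length
    return recs

def find_gaps(records):
    """Return (first_missing, last_missing) ranges in the record numbers."""
    nums = sorted(r["record"] for r in records)
    return [(a + 1, b - 1) for a, b in zip(nums, nums[1:]) if b > a + 1]

def make_record(number, event_id, source, computer, strings, when=1020441600):
    """Build one constructed sample record (test data, not a real log)."""
    names = (source + "\0" + computer + "\0").encode("utf-16-le")
    body = "".join(s + "\0" for s in strings).encode("utf-16-le")
    str_off = FIXED.size + len(names)
    length = (str_off + len(body) + 4 + 3) & ~3  # trailing length field, DWORD-aligned
    fixed = FIXED.pack(length, SIG, number, when, when, event_id, 4, len(strings),
                       0, 0, 0, str_off, 0, str_off, 0, str_off + len(body))
    return (fixed + names + body).ljust(length - 4, b"\0") + struct.pack("<I", length)

# Constructed sample: file header, then records 101, 102 and 105 (103-104 missing).
HEADER = struct.pack("<12I", 0x30, SIG, 1, 1, 0x30, 0x30, 1, 1, 0x10000, 0, 0, 0x30)
SAMPLE = HEADER + b"".join(
    make_record(n, 529, "Security", "SRV01", ["alice", "CORP"]) for n in (101, 102, 105))
```

Feeding `find_gaps` the records from every archive of one log, oldest first, reports any range that was overwritten or cleared before it could be collected.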
This archive was generated by hypermail 2b30 : Fri May 03 2002 - 19:51:11 PDT