On Thu, 2003-10-02 at 02:58, Tina Bird wrote: > Several of the developers of those Event Log to syslog applications are > also on this list, but I'll let them speak for themselves. So I do ;-). We offer two solutions, http://www.eventreporter.com/ and http://www.mwagent.com/. An overview over the whole system is at http://www.monitorware.com/. Our solutions are commercial but reasonably priced. EventReporter was - AFIK - the first-ever eventlog-to-syslog solution and as such is *very* mature. As Tina said, it is nowadays easy to forward the logs, it is just not part of the Windows offering. When you evaluate solutions, you should look at the following questions: - can the solution forward complete messages, even when local message libraries are in use (e.g. Exchange messages, AV vendor messages...) - is there support for reliable delivery - syslog/udp is not as reliable as we would like to have it (you need to make sure, however, that your receiving syslogd also supports reliable delivery) - what is the resource usage on the monitored server and the network? Ideally, you should not notice any impact on the server's performance (otherwise you will likely get trouble with your server admins...) - can you locally filter out unneeded events? - this can save you lots of bandwidth - does the solution keep up with the evolving Windows and logging technology Lastely, I would like to remind you that even on Windows, not everything is in the event log. There are also text based log files, like IIS logs and DHCP logs. You may want to forward this data to your central log server, too. Rainer _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Oct 02 2003 - 06:42:08 PDT