RE: [logs] products list wanted

From: Rainer Gerhards (rgerhards@private)
Date: Thu Feb 12 2004 - 13:31:45 PST


    Steve,
    
    I am with Adiscon. We offer a commercial software solution called
    MonitorWare product line. Among other features it offers Windows event
    forwarding and processing, high performance syslog server (really!),
    text file monitoring and other services. With the file monitor, you can
    pick up for example IIS logs, DHCP logs and the many other text-based
    log types that are present on Windows machines (if you just go for the
    event log, you miss something). I would like to mention that we had one
    of the earliest implementations of an EventLog to Syslog tool. The first
    commercial version was available in 1997 - so we have quite a bit of
    experience. The latest beta releases also allow gathering data from
    serial devices and forwarding information from database tables. Our
    Agents are fully configurable and can also do alerting.
    
    On the analysis side, we offer the so-called MonitorWare Console which
    provides database query and (scheduled) reporting. I have to admit that
    the console does not come with all the bells and whistles that the "big
    players" have. But we have free custom report generation ;)
    
    To the scenario - consider the following points:
    
    #1 Windows event logs have only part of the actual message in them - in
    order to obtain the full message, you need to have all message libraries
    that the monitored machines have. A remote monitoring agent will *not*
    get you the whole message in all cases.
    
    #2 even under Windows, not all log information is written to the event
    log. Text files are important there, too.
    
    #3 check if the vendor offers a generic solution to address diverse log
    sources - this is important if you would like to integrate new upcoming
    event sources at a later stage
    
    #4 check if the solution supports all relevant standards. For example,
    is the new syslog RFC 3195 supported - that will play a big role in
    reliable logging
    
    #5 check if the vendor offers cross-platform agents - we ourselves are
    currently Windows only, but we are developing for *nix
    
    #6 for UDP-based syslog, do a test if burst traffic is handled
    correctly. This is very important. It does not help if your log server
    is overrun then when it matters most (and this is a well-known problem
    spot).
    
    I think there are other points, but these should be a good start for
    your decisions. Information on our solution is available at
    http://www.monitorware.com/ - there are also some white papers which may
    even tell you how to optimize another solution ;)
    
    For all product related questions, please contact me off-list.
    
    Thanks,
    Rainer
    
    > -----Original Message-----
    > From: stephen hawking [mailto:hawkins@private] 
    > Sent: Thursday, February 12, 2004 8:03 AM
    > To: loganalysis@private
    > Subject: [logs] products list wanted
    > 
    > Hi,
    > 
    > I'm looking for products that can analyze & generate reports 
    > based on the syslogs/eventlogs of all the Unix/Windows 
    > systems in a network from a centralized place.
    > 
    > Can someone suggest any such products?
    > 
    > Thanks & regards,
    > Steve
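Point #6 in the message above asks for a burst test of UDP-based syslog. The following Python code is an added example, not part of the original message and not code from any product mentioned in it: it sends sequence-numbered messages back to back to a loopback receiver that only starts reading after the burst, then reports how many survived. The loopback address, ephemeral port, host name, tag, timestamp and `seq=` field are all constructed for the example.

```python
import re
import socket

SEQ_RE = re.compile(rb"seq=(\d+)")

def make_msg(seq, host="testhost", tag="bursttest"):
    # <134> = facility local0 (16) * 8 + severity info (6), BSD-syslog style.
    # Timestamp, host and tag are constructed sample values.
    return f"<134>Feb 12 13:31:45 {host} {tag}: seq={seq}".encode("ascii")

def analyse(sent, payloads):
    """Compare received datagrams with the sent sequence 0..sent-1."""
    seen = set()
    for p in payloads:
        m = SEQ_RE.search(p)
        if m and int(m.group(1)) < sent:
            seen.add(int(m.group(1)))      # duplicates count once
    missing = sorted(set(range(sent)) - seen)
    return {"sent": sent, "received": len(seen), "lost": len(missing),
            "first_lost": missing[0] if missing else None}

def run_burst(count, rcvbuf=None, timeout=0.3):
    """Send `count` messages back to back to a loopback receiver that
    only starts reading after the burst, then report what survived."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if rcvbuf is not None:
        # A small receive buffer makes the overrun visible quickly.
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    rx.bind(("127.0.0.1", 0))              # ephemeral port, not 514
    rx.settimeout(timeout)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    payloads = []
    try:
        for seq in range(count):
            tx.sendto(make_msg(seq), rx.getsockname())
        while True:                        # drain whatever the kernel kept
            payloads.append(rx.recv(2048))
    except socket.timeout:
        pass
    finally:
        rx.close()
        tx.close()
    return analyse(count, payloads)

if __name__ == "__main__":
    print(run_burst(20000, rcvbuf=4096))
```

To check a real collector of your own, send the same numbered messages to it instead and pass the messages it stored to `analyse()`.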
    


