Steve, I am with Adiscon. We offer a commercial software solution called MonitorWare product line. Among other features it offers Windows event forwarding and processing, high performance syslog server (really!), text file monitoring and other services. With the file monitor, you can pick up for example IIS logs, DHCP logs and the many other text-based log types that are present on Windows machines (if you just go for the event log, you miss something). I would like to mention that we had one of the earlest implementations of a EventLog to Syslog tool. The first commercial version was available in 1997 - so we have quite a bit of experience. The latest beta releases also allow gathering data from serial devices and forwarding information from database tables. Our Agents are fully configurable and can also do alerting. On the analysis side, we offer the so-called MonitorWare Console which provides database query and (scheduled) reporting. I have to admit that the console does not come with all the bells and withels that the "big players" have. But we have free custom report generation ;) To the scenario - consider the following points: #1 Windows event logs have only part of the actual message in them - in order to obtain the full message, you need to have all message libraries that the monitored machines has. A remote monitoring agent will *not* get you the whole message in all cases. #2 even under Windows, not all log information is written to the event log. Text files are important there, too #3 check if the vendor offers a generic solution to address diverse log sources - this is important if you would like to integrate new upcoming event sources at a later stage #4 check if the solution supports all relevant standards. For example, is the new syslog RFC 3195 supported - that will play a big role in reliable logging #5 check if the vendor offers cross-platform agents - we ourselfs are currently windows only, but we are developing for *nix #6 for UDP-based syslog, do a test if burst traffic is handled correctly. This is very important. It does not help if your log server is overrun then when it matters most (and this is a well-known problem spot). I think there are other points, but these should be a good start for your decisions. Information on our solution is available at http://www.monitorware.com/ - there are also some white papers which may even tell you how to optimize another solution ;) For all product related questions, please contact me off-list. Thanks, Rainer > -----Original Message----- > From: stephen hawking [mailto:hawkins@private] > Sent: Thursday, February 12, 2004 8:03 AM > To: loganalysis@private > Subject: [logs] products list wanted > > Hi, > > I'm looking for products that can analyze & generate reports > based on the syslogs/eventlogs of all the Unix/Windows > systems in a network from a centralized place. > > Can someone suggest any such products? > > Thanks & regards, > Steve > > > > > > <http://clients.rediff.com/signature/track_sig.asp> > _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Feb 12 2004 - 13:39:04 PST