Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Note: Forums will be making significant UX changes to address key usability improvements surrounding search, discoverability and navigation. To learn more about these changes please visit the announcement which can be found HERE.
Windows Server TechCenter >
Centralized event log management

已答复 Centralized event log management

  • Tuesday, December 21, 2010 1:07 PM
     
     
    Sign In to Vote
    0

    Hi Experts,

    Our requirement is configure the DCs and Servers to do a centralized event log management. Is there a default way of doing it? Is mapping the shared network drive and configuring the events to log in the shared network drive a suggested method? I need your exprts opinion.

    Rgrds,

    MPC

     

All Replies

  • Tuesday, December 21, 2010 2:02 PM
     
     Answered
    Sign In to Vote
    0

    Hello,

    for a centralized management you should use software solution like SCOM:

    http://technet.microsoft.com/en-us/systemcenter/om/default.aspx

    All other options require that you monitor the different event logs of each server or you configure them to forward messages to another server.

    http://technet.microsoft.com/en-us/library/cc748890.aspx

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
     
  • Thursday, December 23, 2010 2:58 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Hi,

     

    You can use a centralized event-log management system as Meinolf mentioned. You can also use MMC (Microsoft Management console) snap-ins with several of event viewer setting the focus on the servers need. Please refer to the following information:

     

    1. Go to Start-> Run and type mmc

    2. Click File-> Add/Remove Snap-In, then select the Add button.

    3. In the window of available snap-ins select Event Viewer and then click Add.

    4. In the Select Computer window, select the computer from which to get events and click finish.

    5. Repeat this process for each server you want added to the MMC.

     

    When finished, you should save the console so that the next time you open it keep all these changes we made. To save the console, once added server events for, go to the File menu and select Save as and enter a name Console.

     

    Also, the Event Comb tool (Eventcombmt.exe) will be helpful. It is a multi-threaded tool that can be used to gather specific events from the Event Viewer logs of different computers at the same time. For more information, you can refer to the following link:

     

    http://support.microsoft.com/kb/308471  

     

    Thanks.

    Nina

    This posting is provided "AS IS" with no warranties, and confers no rights.