none
Centralized event log management

    Question

  • Hi Experts,

    Our requirement is configure the DCs and Servers to do a centralized event log management. Is there a default way of doing it? Is mapping the shared network drive and configuring the events to log in the shared network drive a suggested method? I need your exprts opinion.

    Rgrds,

    MPC

    Tuesday, December 21, 2010 1:07 PM

Answers

  • Hello,

    for a centralized management you should use software solution like SCOM:

    http://technet.microsoft.com/en-us/systemcenter/om/default.aspx

    All other options require that you monitor the different event logs of each server or you configure them to forward messages to another server.

    http://technet.microsoft.com/en-us/library/cc748890.aspx


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, December 21, 2010 2:02 PM
  • Hi,

     

    You can use a centralized event-log management system as Meinolf mentioned. You can also use MMC (Microsoft Management console) snap-ins with several of event viewer setting the focus on the servers need. Please refer to the following information:

     

    1. Go to Start-> Run and type mmc

    2. Click File-> Add/Remove Snap-In, then select the Add button.

    3. In the window of available snap-ins select Event Viewer and then click Add.

    4. In the Select Computer window, select the computer from which to get events and click finish.

    5. Repeat this process for each server you want added to the MMC.

     

    When finished, you should save the console so that the next time you open it keep all these changes we made. To save the console, once added server events for, go to the File menu and select Save as and enter a name Console.

     

    Also, the Event Comb tool (Eventcombmt.exe) will be helpful. It is a multi-threaded tool that can be used to gather specific events from the Event Viewer logs of different computers at the same time. For more information, you can refer to the following link:

     

    http://support.microsoft.com/kb/308471  

     

    Thanks.

    Nina


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, December 23, 2010 2:58 AM

All replies

  • Hello,

    for a centralized management you should use software solution like SCOM:

    http://technet.microsoft.com/en-us/systemcenter/om/default.aspx

    All other options require that you monitor the different event logs of each server or you configure them to forward messages to another server.

    http://technet.microsoft.com/en-us/library/cc748890.aspx


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Tuesday, December 21, 2010 2:02 PM
  • Hi,

     

    You can use a centralized event-log management system as Meinolf mentioned. You can also use MMC (Microsoft Management console) snap-ins with several of event viewer setting the focus on the servers need. Please refer to the following information:

     

    1. Go to Start-> Run and type mmc

    2. Click File-> Add/Remove Snap-In, then select the Add button.

    3. In the window of available snap-ins select Event Viewer and then click Add.

    4. In the Select Computer window, select the computer from which to get events and click finish.

    5. Repeat this process for each server you want added to the MMC.

     

    When finished, you should save the console so that the next time you open it keep all these changes we made. To save the console, once added server events for, go to the File menu and select Save as and enter a name Console.

     

    Also, the Event Comb tool (Eventcombmt.exe) will be helpful. It is a multi-threaded tool that can be used to gather specific events from the Event Viewer logs of different computers at the same time. For more information, you can refer to the following link:

     

    http://support.microsoft.com/kb/308471  

     

    Thanks.

    Nina


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, December 23, 2010 2:58 AM
  • Hi there,

    Windows Server has a great feature to gather all the Windows Event logs at one place. I have tried to get that all steps here:-  

    http://yourcomputer.in/windows-event-logs-centralization/

    Hope it will help you to setup at your place


    Friday, February 07, 2014 7:51 AM