Thread: m$ log archiver

  1. #1
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325

    m$ log archiver

    Hi AO!

    I was doing some reading this afternoon and want the AO community opinion.

    I archive server logs on a regular basis and it takes forever. These are NT and 2k servers. I will need to be able to archive all logs... application/system/security.

    I know the resource kit has an event log dumper... I guess I could always script it.

    What tools do you use to help you do this?

    Anyone know of a good automatic tool, say I set it, schedule it and check it after it has completed?

    If possible, I'd like to keep them in the .evt format and store them on a different server.

    Any/all suggestions welcome. Thanks in advance!

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    What I would do, is set up a syslog server, such as Kiwi, on one of the machines,

    http://www.kiwisyslog.com/

    And then use this utility

    http://www.intersectalliance.com/projects/BackLogNT/

    to send events to syslog server.

    Then just allow the event logs to overwrite themselves as needed on each server.

    It works fairly well actually. Gets all of your logs in one place.

    Sorry, didn't notice till after posting that you wanted to keep the .evt format. I wonder why though, if you could have them all in a single easily searchable location and format.


  3. #3
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Sorry, didn't notice till after posting that you wanted to keep the .evt format. I wonder why though, if you could have them all in a single easily searchable location and format.
    Well, I guess that doesn't really matter. I just have been saving them the same way for so long, that I got used to it. You are right though, it'd be easier to search them that way.

    I've been just sorting them up until now.

    Thanks for the advice, I'll look into it!

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    I like Kiwi Syslog Daemon and I can highly recommend the use of it. We use it to collect information from different devices (routers, servers, clients) in our intranet and then send filtered information to a *nix syslog server (with an Oracle DB) for storage, backup and centralized analysis.

    We have a custom-built PHP tool running on the *nix box, and with that we can easily trace and read changes on screen (via browser). And of course custom-built scripts for automated processes/tasks (filter, import, backup, export, import etc.).

    Hmm, lots of text and nothing really to add except that Kiwi is a good tool.

    ~micael

  5. #5
    Junior Member
    Join Date
    Mar 2003
    Posts
    11
    Microsoft PSS has a utility called EventCombMT to read multiple event logs. It also includes some useful filters (e.g. account lockout info).

    Also, I've toyed with using WMI and ADO to pull the event logs into a SQL server, and this works very nicely.

    Is there a particular reason to keep the files in EVT format?
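    As an added example (not code from any poster in this thread), here is the WMI route mentioned in #5 applied to the original request in #1: a scheduled script that backs up each log in its native .evt format with the Win32_NTEventlogFile.BackupEventLog method, copies it to another server, and keeps a hash manifest so a tampered archive can be spotted later. The share path \\archive01\evtlogs and the script path in the schtasks comment are placeholders; on Vista and later the same call writes the newer .evtx format.

```powershell
# Added example, not from any poster in this thread. Backs up Application, System and
# Security to native-format .evt files via Win32_NTEventlogFile.BackupEventLog, then
# copies them to an archive share. \\archive01\evtlogs is a placeholder UNC path.
param(
    [string[]] $Logs       = @('Application', 'System', 'Security'),
    [string]   $ArchiveDir = '\\archive01\evtlogs'    # placeholder; task account needs write access
)

$server  = $env:COMPUTERNAME
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$staging = Join-Path $env:TEMP "evtarchive-$stamp"
New-Item -ItemType Directory -Path $staging -Force | Out-Null

$dest = Join-Path $ArchiveDir $server
if (-not (Test-Path $dest)) { New-Item -ItemType Directory -Path $dest -Force | Out-Null }

foreach ($log in $Logs) {
    # -EnableAllPrivileges is required: BackupEventLog needs SeBackupPrivilege.
    $wmiLog = Get-WmiObject -Class Win32_NTEventlogFile -EnableAllPrivileges `
              -Filter "LogFileName='$log'"
    if (-not $wmiLog) { Write-Warning "Log '$log' not found on $server"; continue }

    # BackupEventLog refuses to overwrite, so the timestamp keeps file names unique.
    $file   = Join-Path $staging "$server-$log-$stamp.evt"
    $result = $wmiLog.BackupEventLog($file)      # writes the log in its native format
    if ($result.ReturnValue -ne 0) {
        Write-Warning "BackupEventLog($log) failed, return code $($result.ReturnValue)"
        continue
    }

    # Record a SHA-256 beside the copy so later modification of the archive is detectable.
    $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    Copy-Item -Path $file -Destination $dest
    "$stamp  $log  $hash" | Add-Content -Path (Join-Path $dest 'manifest.txt')
    Write-Output "Archived $log -> $dest ($hash)"
}

Remove-Item -Path $staging -Recurse -Force

# Run it nightly as SYSTEM on each server (placeholder script path):
#   schtasks /Create /TN EvtArchive /SC DAILY /ST 02:00 /RU SYSTEM `
#     /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\Archive-EventLogs.ps1"
```

    The script only backs up; it never clears the live log, so letting the logs overwrite themselves (as suggested in #2) or clearing them after a verified copy remains a separate decision.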
