6

Currently I use Microsoft Management Console to check Event Viewer logs on 20 servers. Every time I click on one server, my custom view takes 2 minutes to load. I need to find a faster way to check all these 20 servers, since I do this daily.

Is there a program that I can configure to do this automatically? Log into the servers like MMC, copy the custom view, and then compile all of them into one file so I can check it later. Even if it takes some time, I can start the program and do something else meanwhile. Thank you.

user312042
    There are also syslog (or SIEM, for more security-wise stuff) systems that do just that, but I have no recommendations. A big one I know of, but never tried, is elasticsearch/logstash (Linux based): it collects whatever you want from wherever you want, indexes everything and lets you do quick searches (should be way faster than the usual eventvwr). – EliadTech Oct 18 '15 at 09:43
  • I give a +1 for Elastic Stack. You can read more about easy log centralizing here: https://nxlog.org/using-nxlog-elasticsearch-and-kibana – YuKYuK Oct 19 '15 at 11:02

1 Answer

3

One thing you can do for free is to use or set up a system that subscribes to the events from the other systems. The source must have WinRM configured (winrm quickconfig), and the destination must have the Windows Event Collector service configured (wecutil qc). Once configured, you can add computers from the Event Viewer on the destination machine. You could also add filters from the sources as well, so you could make a group policy event collection independent from a service status collection (e.g.).

While it's certainly best practice to check event logs with the Mark 1 eyeball (patent pending), you can also attach a script to an event so that whenever something interesting happens you can DO something rather than wait for you to poke around. See http://blogs.technet.com/b/wincat/archive/2011/08/25/trigger-a-powershell-script-from-a-windows-event.aspx for the details on that.

Jim B
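The subscription setup the answer describes, written out as an added PowerShell example (not code from the answer or from Microsoft): it creates a collector-initiated Windows Event Forwarding subscription for a list of source servers, registers it with wecutil, and exports the last day of forwarded events to one CSV file. It assumes each source has already run winrm quickconfig and that the collector's computer account is in the Event Log Readers group on each source; the host names, subscription id and output path are placeholders.

```powershell
# Added example: collector-initiated WEF subscription built for a server list.
# Run as an administrator on the collector. Host names below are placeholders.
$Sources        = @('srv01.example.local', 'srv02.example.local')  # your 20 servers
$SubscriptionId = 'DailyErrorsAndWarnings'
$XmlPath        = Join-Path $env:TEMP "$SubscriptionId.xml"

# 1. Configure the Windows Event Collector service on this machine (quiet mode).
wecutil qc /q

# 2. Build the subscription XML. The XPath filter is the same kind a custom view
#    uses: critical, error and warning events from System and Application.
$sourceXml = ($Sources | ForEach-Object {
    "    <EventSource Enabled=`"true`"><Address>$_</Address></EventSource>"
}) -join "`n"
@"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$SubscriptionId</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
<QueryList>
  <Query Id="0">
    <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
    <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
  </Query>
</QueryList>
]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
$sourceXml
  </EventSources>
</Subscription>
"@ | Set-Content -Path $XmlPath -Encoding UTF8

# 3. Register the subscription and show per-source runtime status (expect Active).
wecutil cs $XmlPath
wecutil gr $SubscriptionId

# 4. All sources now land in one local log; export the last 24 hours to a file.
Get-WinEvent -FilterHashtable @{LogName='ForwardedEvents'; StartTime=(Get-Date).AddDays(-1)} |
    Select-Object TimeCreated, MachineName, Id, LevelDisplayName, Message |
    Export-Csv -Path "$env:USERPROFILE\Desktop\fleet-events.csv" -NoTypeInformation
```

Step 4 can be scheduled daily so the combined file is waiting for review; if a source shows as inactive in the wecutil gr output, check WinRM and the Event Log Readers membership on that server first.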