My goal this week was to find a low-cost (say it with me: free!) method to monitor my Windows 2003 server's event logs, based on specific filters (i.e., specific event IDs, specific sources, etc.) and email me an alert if that event or events were added to any of the system's event logs.
Imagine my surprise and disappointment when all I could find were:
- Expensive enterprise products, like Microsoft's MOM;
- Open-source products that required a backend server, such as SNARE (System iNtrusion Analysis and Reporting Environment);
- Cheap third-party utilities that looked either cumbersome, cheesy or unstable (or in some cases, all three).
I was disappointed that I couldn't find a simple program to accomplish this little thing (with the exception of Keroon Software's Event Log Watchdog Manager, though it still cost more than I wanted to pay). I even thought about diving into scripting, but who has time to create, manage and deploy scripts for something like this? Not me, and probably not you either.
Finally I stumbled across an event log monitoring application, EventSentry, from Netikus.Net Ltd. EventSentry is an application suite for Windows NT, Win2k, WinXP and Windows Server 2003 that monitors your server's (or workstation's) event log, system health and network devices. The best part is that it runs as a service and does not need its management console running in order to monitor your system. Call me geeky, but this is a major plus compared to the other "low-cost" event-logging solutions I researched.
Netikus.Net also offers a freeware version of EventSentry, called EventSentry Light. (It's the successor to EventwatchNT.) EventSentry Light has no time restrictions but it's a stripped-down version offering only a few of EventSentry's features. Notably, none of EventSentry's database-related features (including the Web reports) are supported. I installed it and am delighted to report that it functions wonderfully.
EventSentry Light does not currently require a license, but has many features disabled. The stripped-down version performs filtering based on event log, severity, ID, source, category and text (maximum one include and one exclude filter) and offers other features as well.
You have to register to download the freeware, but you can put in anonymous info (except email address). Afterwards, you'll have a sweet little program that can alert you when your server generates an event and get notified when it does. Although I intend on looking into the full product suite Netikus offers, I should note here that Windows Vista apparently has this event notification built in now.
Shocker, whenever I need something, I have to wait for the next release. . . .
About the author: Tim Fenner(MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment, as well as an independent consultant who specializes in the design, implementation and management of Windows networks.
More information on this topic:
- Tip: LogParser: Microsoft's well-kept secret for reading logs
- Topics: Admin tools
- RSS: Sign up for our RSS feed to receive expert advice every day.