Log aggregation

[scoops98]

Would it be possible to put load all event logs from chosen servers into one area on PC Monitor? I have set up the event log notification after following the thread in another post (thanks Paul).

[Paul]

If what you need is one centralised place to see all event logs from all of your computers then what you ask is complicated.

It can be done using event log forwarding so that all 'slave' computers forward their events (that match your pattern) to one 'master' central computer where you can use PC Monitor to monitor it's Event Log.

This can be done if the computers are in a LAN or a VPN.

I have never seen an implementation of event forwarding via WAN before so its not a recommend aproach.

Here are some links that should explain more:

http://www.windowsecurity.com/articles/centralized-auditing-here-free.html

http://social.technet.microsoft.com/Forums/en/winservergen/thread/8434ffb3-1621-4bc5-8311-66d88b215886

http://chentiangemalc.wordpress.com/2011/01/25/script-to-collect-all-event-logs-off-a-remote-windows-7-server-2008-machine/

http://technet.microsoft.com/en-us/library/cc748890.aspx

This can be inserted into mobile pcmonitor to automatically query other computers's events and merge their result into one gigantic list, however its really bandwidth consuming, and not sure if its a good aproach. Maybe some Mobile PC Monitor Staff might answer this with a more apropiate way so don't lose hope on this 'feature'.

I am not aware of any 'tools' that collect and centralise windows event logs via WAN.

Hope it helps,

Paul.

[scoops98]

Thanks Paul, Forwarding looks like the way to go.