Are event logs important? How do you monitor them? If you are looking for a way to view, consolidate, and dismiss event logs and correlate issues among multiple Windows systems quickly and easily from one central location, then check out this free tool from SolarWinds.
1. Consolidate all your Event Logs in one Place!
CONSOLIDATE ALL YOUR EVENT LOGS IN ONE PLACE!
2. Agenda
» Are Event Logs Important
» Event Log Management
» SolarWinds Event Log Consolidator
Using the Tool
» Helpful Resources
» SolarWinds Log & Event Manager
3. Are Event Logs important?
» Event logs on Windows systems are helpful both for troubleshooting when things go wrong and for monitoring performance and behavior.
» The first thing a system administrator does to monitor any unusual activity is to check the system log files; it is the first and most basic step in intrusion detection.
» Every time there is a problem with a Windows server, SysAdmins start by examining errors in the system and application event logs.
» In the event of an intrusion, security log entries can be isolated and preserved. These entries can be valuable during an investigation of the intrusion.
4. Event Log Management
» Logging on to each Windows system to see event logs is super tiring and cumbersome.
» Need to view, consolidate, and dismiss event logs and correlate issues among multiple Windows systems quickly and easily from one central location?
» Don't have a centralized way to view all of your event logs?
Here comes a SolarWinds Super Hero…
5. SolarWinds Event Log Consolidator
SolarWinds Event Log Consolidator can not only assist you in organizing all your event logs from Windows systems in one location but also give you the ability to view and dismiss event logs and:
» Correlate issues among multiple Windows systems quickly and easily from one central location!
» View, consolidate, and dismiss event logs from multiple Windows systems
» Filter logs to see data that is important to you! Then, export key data to a .csv file
» Enter your device information for up to 5 computers running Windows Server
6. Adding a Windows Server
» To add a Windows server after launching the tool for the first time:
Step 1: Enter the server name or IP address
Step 2: Enter a username for a user with administrative privileges.
Note: Enter Domain\Username for domain users.
Step 3: Enter and confirm the password for the administrative user.
Step 4: Click Test.
Step 5: If you want to add another server, click Save & Add Another Server and repeat the steps above for up to 4 additional servers.
Step 6: Click Save to view the Dashboard for your servers.
The Dashboard consists of the following sections:
Total Number of Events: This section shows the number of events for each server in a bar chart. Point to a bar to see detailed information about that server.
Event Details: This section shows the details of every event collected by the tool. Click an event to view its details in the lower pane of this section.
7. Comparing Servers
» Comparing Servers Using the Side by Side View
Click the Side by Side button on the Dashboard tab to view events from two of your monitored servers in a side-by-side view. This view aligns similar events so you can correlate these events across your selected servers.
To use the Side by Side view:
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Dashboard tab.
Step 3: Click Side by Side.
Step 4: Modify the time range and choose a filter, and then click Refresh.
Step 5: Select the servers you want to view.
Step 6: Select or clear the boxes in the column headers to specify what types of values can constitute a correlation between your servers.
Step 7: Click Refresh to load new data or apply any changes.
Step 8: When you are finished, click Close.
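The effect of the Step 6 column check boxes can be reproduced offline on exported data. The following is an added example, not SolarWinds code and not the tool's actual matching logic: the CSV column names, server names and sample rows are constructed for illustration. It groups events from two servers by the selected columns and shows how adding a column narrows what counts as a correlation.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are assumed for illustration and
# are not the tool's documented CSV schema.
SAMPLE_CSV = """Server,TimeCreated,Level,Source,EventID
SRV-A,2024-05-01T10:00:05,Error,Service Control Manager,7031
SRV-B,2024-05-01T10:00:09,Error,Service Control Manager,7031
SRV-A,2024-05-01T10:02:00,Warning,Disk,51
SRV-B,2024-05-01T10:03:00,Error,Disk,51
SRV-B,2024-05-01T10:04:00,Information,Service Control Manager,7036
"""

def load_events(text):
    """Parse exported CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def side_by_side(events, left, right, match_on=("EventID", "Source")):
    """Group events from two servers by the chosen columns.

    Returns (correlated, unmatched): correlated maps each key seen on both
    servers to its events per server; unmatched lists events whose key
    appears on only one of them.
    """
    buckets = defaultdict(lambda: {left: [], right: []})
    for ev in events:
        if ev["Server"] in (left, right):
            key = tuple(ev[col] for col in match_on)
            buckets[key][ev["Server"]].append(ev)
    correlated, unmatched = {}, []
    for key, sides in buckets.items():
        if sides[left] and sides[right]:
            correlated[key] = sides
        else:
            unmatched.extend(sides[left] + sides[right])
    return correlated, unmatched

if __name__ == "__main__":
    events = load_events(SAMPLE_CSV)
    for cols in (("EventID", "Source"), ("EventID", "Source", "Level")):
        correlated, unmatched = side_by_side(events, "SRV-A", "SRV-B", cols)
        print(cols, "->", sorted(correlated), "| unmatched:", len(unmatched))
```

Events left in the unmatched list are the ones that occur on only one server under the chosen columns, which is often where a server-specific fault or unusual activity shows up.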
8. Adding/ Comparing Servers
Credentials Entering Screen
The tool also gives you the ability to view Windows Event logs both graphically over time as well as drill into specific events to view the details.
9. Exporting Logs
» Exporting Consolidated Logs
Click the Export button on the Dashboard tab to export the events that are currently displayed on that tab.
To Export Consolidated Log Data:
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Dashboard tab.
Step 3: Modify the time frame, selected servers, or filter to specify what you want to export.
Step 4: Click Export.
Step 5: Click Browse to browse to the folder in which you want to save the exported file and specify a filename.
Note: If you do not specify a folder, the default save location is My Documents.
Step 6: Select one of the following export options.
Export All Columns: Exports all columns of the data defined by your current Dashboard view in CSV format.
Select Columns to Export: Exports selected columns of the data defined by your current Dashboard view in CSV format. Clear a column's check box to omit it from the export.
Export To Image: Exports the bar chart from your current Dashboard view in PNG format.
Step 7: Click Export.
10. Adding / Editing Servers
Add and edit monitored servers on the Settings tab.
(1) To Add a New Server
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Settings tab.
Step 3: Click Add Server, and then click Add Server.
Step 4: Enter the server name or IP address.
Step 5: Enter a username for a user with administrative privileges.
Note: Enter Domain\Username for domain users.
Step 6: Enter and confirm the password for the administrative user.
Step 7: Click Test.
Step 8: If you want to add another server, click Save & Add Another Server and repeat the steps above for additional servers up to a total of 5 monitored servers.
Step 9: If you want to cancel this procedure, click Results at any time.
Step 10: Click Save to return to the Dashboard view.
(2) To Edit a Monitored Server
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Settings tab.
Step 3: Select the server you want to edit, and then click Edit.
Step 4: Modify the server's settings as appropriate.
Step 5: If you want to cancel this procedure, click Results at any time.
Step 6: Click Save to return to the Dashboard view.
(3) To Delete a Monitored Server
Step 1: Select the server you want to delete on the Settings tab, and then click Delete Server.
11. Managing Alerts
Manage alerting and silencing settings for specific Windows events on the Dashboard and Settings tabs.
» Enable alerting for an event to generate a system tray alert and the Alerting icon in SolarWinds Event Log Consolidator each time the event occurs.
» Silence events to keep them from showing up in SolarWinds Event Log Consolidator at all. SolarWinds Event Log Consolidator applies alerting and silencing based on both the Event ID and source of the selected event.
(1) To Enable Alerting for an Event
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Dashboard tab.
Step 3: Click the light grey icon in the Alerting column to enable alerting for a specific event from its related source.
(2) To Silence an Event
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Dashboard tab.
Step 3: Click the dark grey icon in the Silencing column to silence a specific event from its related source.
Step 4: Click Yes when asked to confirm your selection.
(3) To Manage Alerting & Silencing Settings
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click on the Settings tab.
Step 3: Click the Events & Silencing tab.
Step 4: Click the orange icon in the Alerting column to disable alerting for an event.
Step 5: Click the light grey icon in the Silencing column to allow SolarWinds Event Log Consolidator to resume displaying a silenced event.
Note: Events for which alerting is enabled by default are highlighted in yellow on the Settings > Event Alerts & Silencing tab.
12. Editing Servers / Managing Alerts
Adding & Editing Servers Managing Alerts & Silencing Screen
13. Custom Filters
» Creating Custom Event Filters
Add and edit custom event filters on the Settings tab. View filtered events on the Dashboard tab.
(1) To Create a Custom Filter
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Settings tab.
Step 3: Click the Custom Filters tab.
Step 4: Click Add Filter.
Step 5: Enter a name for your new filter.
Step 6: Define the filter's conditions using the menus provided.
Step 7: If you want to add an additional condition, click the Plus button next to an existing condition.
Note: The relationship between multiple conditions is always "or."
Step 8: If you want to remove a condition, click the Minus button next to the existing condition.
Step 9: Click Save.
(2) To Edit a Custom Filter
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Settings tab.
Step 3: Click the Custom Filters tab.
Step 4: Select the filter you want to edit, and then click Edit.
Step 5: Modify the filter as appropriate.
Step 6: Click Save.
(3) To View a Custom Filter
Step 1: Open SolarWinds Event Log Consolidator.
Step 2: Click the Dashboard tab.
Step 3: Select your filter from the filters menu in the upper right corner of the window.
Note: This menu indicates the filter that is currently applied to your events.
(4) To Delete a Custom Filter
Step 1: Select the filter you want to delete on the Settings > Custom Filters tab, and then click Delete Filter.
14. Create/ Edit/ Delete Custom Filters
Add, Edit & Delete Custom Event Filters
15. Helpful Resources
We invite you to learn more about SolarWinds Free Tools
Over 1 million IT pros rely on SolarWinds free network monitoring, application monitoring, and storage monitoring tools.
17. Try SolarWinds Log and Event Manager
Event Log Consolidator lets you consolidate and filter your event logs, but what if you need to do more than that?
SolarWinds Log & Event Manager (LEM) delivers advanced log management capabilities in a highly affordable, easy-to-deploy appliance.
SolarWinds LEM combines real-time log analysis, event correlation, and a groundbreaking approach to IT search to deliver the visibility, security, and control you need to overcome everyday IT challenges.
SolarWinds Log and Event Management can:
» Collect log and event data from tens of thousands of devices.
» Perform real-time event correlation across devices.
» Visualize and explore data easily using advanced IT search.
» Automatically respond to performance issues and mitigate threats using Active Response technology.
18. Top 5 Reasons to choose SolarWinds for Log & Event Management
Top 5 Reasons to Download Log & Event Manager
» Collects log & event data from tens of thousands of devices & performs true real-time correlation
» Powerful Active Response technology enables you to quickly & automatically take action against threats
» Advanced IT Search employs highly effective data visualization tools – word clouds, treemaps, & more
» Quickly generates compliance reports for PCI DSS, GLBA, SOX, NERC CIP, HIPAA, & more
» Out-of-the-box correlation rules, reports, & responses enable speedy deployment in an hour or less