How-To Effectively Consolidate Windows Event Logs


Looking for help consolidating your Windows event logs? This SlideShare deck covers:
- What are logs?
- What are they good for?
- Why is it difficult to consolidate event logs?
- A simple, free solution: SolarWinds Event Log Consolidator (ELC)
- Consolidating event logs with the ELC tool
- Measuring and analyzing event logs

Published in: Technology

  1. How-To effectively consolidate Windows event logs
     © 2013, SolarWinds Worldwide, LLC. All rights reserved.
  2. Agenda
     1. What are logs?
     2. What are they good for?
     3. Why is it difficult to consolidate event logs?
     4. A simple, free solution: SolarWinds Event Log Consolidator
     5. Consolidating event logs using the ELC tool
     6. Measuring and analyzing event logs
     7. Do you need more event log management?
     SOLARWINDS EVENT LOG CONSOLIDATOR
  3. What are logs?
     » Logs are a mystery. They come in a variety of formats and are available through several different means.
     » Logs are the means by which software keeps track of what's going on "behind the scenes." Everything from the operating systems running on your computers and devices to the databases that support your applications generates logs.
     » Logs are often very granular, recording every step the software takes, which makes them useful in many ways. Most IT professionals know at least this much about logs, but the segment of that population that knows what they're good for, much less how to read them, is significantly smaller.
  4. What are they good for?
     » Logs for troubleshooting
     » Logs for compliance
     » Logs for proactive detection and remediation
     Event log data is important for security, audit, compliance and troubleshooting. But log data is high-volume and very difficult to collect and consolidate manually, without a tool.
  5. Why is it difficult to consolidate event logs?
     » Native event logging on Windows and Unix systems and on network devices has no built-in consolidation, archiving, alerting or reporting, all of which are needed to make effective use of event data. A log that stays on the host it describes is also lost when that host fails, and can be cleared by anyone with administrative rights on it.
  6. A simple, free solution: SolarWinds Event Log Consolidator
     » A free tool that lets you view, consolidate and dismiss events, and correlate issues across multiple Windows systems from a central location
     » Shows Windows Event Log messages from up to 5 servers running Windows Server
     » Also lets you:
       • Compare event volume side-by-side for multiple computers
       • Generate alerts for critical events
       • Pinpoint events of interest using custom filters
  7. Consolidating event logs using ELC (screenshot callouts)
     » Enter the IP address
     » Enter the username
     » Use this option to add up to 5 servers
  8. Consolidating event logs using ELC (cont'd) (screenshot callouts)
     » Multiple servers
     » Graphical representation, colour-coded per server
     » Event details
  9. Measuring and analyzing event logs (screenshot callouts)
     » Check events by time period
     » Check events by log type
  10. Analyzing events
     » You can add or remove the servers whose event logs you want to consolidate
  11. Managing alerts
     » Alerts can be raised for the events you care about and silenced for the ones that are not important to you.
  12. Managing filters
     » Filters narrow the view to the types of events you need to monitor, or to the ones that matter most to you.
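The steps in slides 7 through 12 (add servers, view volume side by side, slice by time period and log type, filter and alert on events of interest) can also be reproduced with PowerShell's built-in Get-WinEvent cmdlet, which is handy for checking what a consolidation tool is showing you or for scripting the same checks. The script below is an added example written for this page; it is not SolarWinds code and not how ELC is implemented. The hostnames, log names, credential prompt and the event IDs flagged as interesting are assumptions for illustration.

```powershell
# Added example (not SolarWinds code): pull the last 24 hours of
# Critical/Error/Warning events from several Windows servers with the
# built-in Get-WinEvent cmdlet, then summarise, filter and archive them.
# Hostnames, log names and the event IDs watched are assumptions.

$Servers   = @('SRV01', 'SRV02', 'SRV03')           # assumed hostnames (ELC allows up to 5)
$LogNames  = @('System', 'Application', 'Security') # Security needs admin or Event Log Readers rights
$StartTime = (Get-Date).AddHours(-24)
$Cred      = Get-Credential -Message 'Account with remote event log read rights'

$Events = foreach ($Server in $Servers) {
    foreach ($Log in $LogNames) {
        try {
            # The hashtable filter is evaluated on the remote host, so only
            # matching records cross the wire. Level 1 = Critical, 2 = Error, 3 = Warning.
            Get-WinEvent -ComputerName $Server -Credential $Cred -ErrorAction Stop -FilterHashtable @{
                LogName   = $Log
                Level     = 1, 2, 3
                StartTime = $StartTime
            } | Select-Object MachineName, LogName, TimeCreated, Id, LevelDisplayName, ProviderName, Message
        }
        catch {
            # Get-WinEvent raises an error when nothing matches; that is normal.
            # Anything else (RPC blocked, access denied) is worth knowing about.
            if ($_.Exception.Message -notmatch 'No events were found') {
                Write-Warning "$Server/$Log : $($_.Exception.Message)"
            }
        }
    }
}

# Side-by-side event volume per server and per log (slide 8).
$Events | Group-Object MachineName, LogName |
    Select-Object @{ n = 'Server, Log'; e = { $_.Name } }, Count |
    Sort-Object Count -Descending | Format-Table -AutoSize

# Volume per hour, to spot a burst within a time period (slide 9).
$Events | Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name | Format-Table Name, Count -AutoSize

# A custom filter for events of interest (slide 12) that doubles as an alert
# (slide 11): every Critical event, plus two well-known Security IDs,
# 4625 (failed logon) and 1102 (audit log cleared). Which IDs matter to you
# is an assumption; adjust the list for your environment.
$WatchIds = 4625, 1102
$Events |
    Where-Object { $_.LevelDisplayName -eq 'Critical' -or ($_.LogName -eq 'Security' -and $_.Id -in $WatchIds) } |
    ForEach-Object {
        # Message can be empty when the provider's metadata is not installed locally.
        $firstLine = ($_.Message -split "`r?`n")[0]
        Write-Warning ('ALERT {0:u} {1} {2} {3} {4}: {5}' -f $_.TimeCreated, $_.MachineName, $_.LogName, $_.Id, $_.ProviderName, $firstLine)
    }

# Keep a copy off the source hosts: native logs wrap when full and can be
# cleared by anyone with local admin rights (which itself produces event 1102).
$Events | Export-Csv -NoTypeInformation -Path ".\events-$((Get-Date).ToString('yyyyMMdd-HHmm')).csv"
```

Remote collection needs the "Remote Event Log Management" firewall rule group enabled on each server and an account that is a member of the local Administrators or Event Log Readers group there; the Security log in particular cannot be read by an ordinary user. The same limitations that motivate a consolidation tool apply here: the script only collects when it runs, keeps nothing unless you export it, and has no notion of dismissing an event once you have looked at it.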
  13. Watch Event Log Consolidator in action (video)
  14. Do you need even more log management?
      Yes, if, apart from consolidating events from Windows servers, you also need to:
      » Support log and event data from a variety of devices
      » Have an automated process to take corrective action against threats
      » Comply with external regulations such as PCI DSS, GLBA, SOX, NERC CIP, HIPAA and more
      Guess what: SolarWinds Log and Event Manager (LEM) can come to your rescue!
  15. How is it different from the free tool?

      Use case                                                   Free Event Log Consolidator   Log & Event Manager
      Consolidates log events across multiple Windows systems    Up to 5                       Unlimited
      Filtered views based on event criteria                     Yes                           Yes
      Real-time dashboard with visualizations                    No                            Yes
      Consolidates log events across Syslog, SNMP, flat log
        files, databases & APIs                                  No                            Yes
      Real-time filters based on multiple criteria and
        information about your environment                       No                            Yes
      Over 700 rules, alerts, filters and reports for security
        & compliance best practices                              No                            Yes
      USB detection & prevention                                 No                            Yes
      Long-term centralized storage with historical search
        & analysis                                               No                            Yes
      Get up and running and monitoring in about an hour         Yes                           Yes

  16. Test drive a demo or free trial
      » Log collection, analysis and real-time correlation
      » Collects log & event data from tens of thousands of devices and performs true real-time correlation
      » Active Response technology lets you quickly and automatically take action against threats
      » Advanced IT Search uses data visualization tools such as word clouds and tree maps
      » Quickly generates compliance reports for PCI DSS, GLBA, SOX, NERC CIP, HIPAA and more
      » Out-of-the-box correlation rules, reports and responses enable deployment in an hour or less