Collecting Windows Event Logs centrally

Hi Jesper.

I understand and share your concern regarding installing an agent on the servers.

While agentless implementations do not have the potential problems of updating the agent , software compatability, etc., please be aware that there is another set of things to watch out for with an agentless implementation.

Primarilly, the agentless solution is going to need to allow inbound connections to the servers from whatever is performing the collection. Configuring this securely can be an issue with host firewall configuration, identity access, etc.. I have found that the "just get it to work" approach of most of these solutions leave much to be desired: the use of Domain Admin privledges, excessive relaxation of the firewall, resource utilization on the target already at load by the polling mechanism, etc.

Also, an advantage of the agent based solutions is that they can usually also trigger collection on an event driven basis, so critical events are more likely to be colected right away.

You just want to make sure that whatever solution you use has good support, keeps pace with Microsoft OS versions, and meets the overall business goals.

System Center does its job really well and also has many other features and components that may make sense.

Hope this helps!