Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE

Collecting Windows Event Logs centrally

Brass Contributor

Hi. We want to purchase a product to collect eventlogs from all our Domain Controllers. We have tested Microsoft own "log shipping" and it is not what we are looking for.

So I want to know if anyone have an implementation/product that they can recommend.

Best would be if the:
1. Software run on Windows and Microsoft SQL
2. I do not have to install an Agent on the Domain Controller

Looking forware do hear what you are running out there :)

2 Replies

Hi Jesper, can you please elaborate on the issue with the Microsoft log shipping?

 

You might also want to check out the Microsoft Operations Management Suite (does include an agent): https://www.microsoft.com/en-us/cloud-platform/operations-management-suite

 

Hi Jesper.

I understand and share your concern regarding installing an agent on the servers.

While agentless implementations do not have the potential problems of updating the agent , software compatability, etc., please be aware that there is another set of things to watch out for with an agentless implementation.

Primarilly, the agentless solution is going to need to allow inbound connections to the servers from whatever is performing the collection. Configuring this securely can be an issue with host firewall configuration, identity access, etc.. I have found that the "just get it to work" approach of most of these solutions leave much to be desired: the use of Domain Admin privledges, excessive relaxation of the firewall, resource utilization on the target already at load by the polling mechanism, etc.

Also, an advantage of the agent based solutions is that they can usually also trigger collection on an event driven basis, so critical events are more likely to be colected right away.

You just want to make sure that whatever solution you use has good support, keeps pace with Microsoft OS versions, and meets the overall business goals.

System Center does its job really well and also has many other features and components that may make sense.

Hope this helps!