There are tools currently in SAM to watch Windows event logs, and you can create PowerShell scripts to watch others. This is fine for small files and non-chatty files.
The challenge we have is being able to watch for and potentially alert on numerous strings, say we are watching for 15 possible events in 13 different log files across 6 different servers.
This will be growing by 50% this year alone in our environment.
Running PowerShell scripts across the network every 10 minutes to watch all of these takes time and resources. Now if the log files are chatty, you start to increase overhead on both the polling server and the polled server. Now monitors go unknown because of timeouts. This accounts for a fraction of the log file event monitors we have running.
Toss into the mix some convoluted directory paths...slightly different in each case, and then some variability in the log file name (time of day, date, PID of the process writing the file, rippled log files based on time of day or file size, etc.).
The requirements on the PowerShell script become quite demanding.
So I got to looking...and what did I find? Solarwinds has the Kiwi Log Viewer. Hmmm...I thought, scratching my head.
It supports Perl-style regular expressions for pattern matching. It supports watching multiple files and large files, both requirements I have.
Wait, did I say it supports regular expressions for pattern matching?
Granted, it is GUI-based, but the guts are there to make it into an agent that does the heavy lifting and only reports back the log file entries you desire based on pattern matching.
This could be a big easy win for all and deployed when and where needed. It would fill a niche that Solarwinds does not currently fill but is sorely needed.
It would tie directly into SAM.
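As an added illustration of the agent idea above (example code, not from the original post or from Solarwinds), here is a PowerShell sketch that runs on the monitored server itself: wildcard paths absorb the rotated and PID-stamped file names, a saved per-file byte offset means each pass reads only what was appended since the last one, and only the lines matching the configured regexes are emitted. The paths, patterns and state-file location are constructed for the example.

```powershell
# Constructed watch list: wildcard paths cover rotated/PID-stamped names,
# regexes (.NET flavour via -match) cover the strings of interest.
$Watches = @(
    @{ Path = 'C:\App\Logs\service_*.log';  Patterns = @('ERROR', 'Access is denied', 'timed? ?out') },
    @{ Path = 'D:\Jobs\Log\worker-*-*.txt'; Patterns = @('Exception', 'login failed for user') }
)
$StateFile = Join-Path $env:ProgramData 'logwatch-offsets.json'   # assumed location

# Per-file byte offsets, persisted between runs, so chatty files are not re-read.
$Offsets = @{}
if (Test-Path $StateFile) {
    (Get-Content $StateFile -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $Offsets[$_.Name] = [long]$_.Value }
}

function Read-NewLines {
    param([string]$File, [long]$Start)
    # Open with shared read/write so the process writing the log is never blocked.
    $fs = [System.IO.File]::Open($File, [IO.FileMode]::Open, [IO.FileAccess]::Read, [IO.FileShare]::ReadWrite)
    try {
        if ($Start -gt $fs.Length) { $Start = 0 }      # file was truncated or rotated in place
        [void]$fs.Seek($Start, [IO.SeekOrigin]::Begin)
        $sr = New-Object System.IO.StreamReader($fs)
        $lines = New-Object System.Collections.Generic.List[string]
        while ($null -ne ($line = $sr.ReadLine())) { $lines.Add($line) }
        [pscustomobject]@{ Lines = $lines; Offset = $fs.Position }
    } finally { $fs.Dispose() }
}

$Hits = foreach ($w in $Watches) {
    foreach ($f in Get-ChildItem -Path $w.Path -File -ErrorAction SilentlyContinue) {
        $start = if ($Offsets.ContainsKey($f.FullName)) { $Offsets[$f.FullName] } else { 0 }
        $r = Read-NewLines -File $f.FullName -Start $start
        $Offsets[$f.FullName] = $r.Offset
        foreach ($line in $r.Lines) {
            foreach ($p in $w.Patterns) {
                if ($line -match $p) {
                    [pscustomobject]@{ Computer = $env:COMPUTERNAME; File = $f.Name; Pattern = $p; Line = $line }
                    break   # one report per line even when several patterns match
                }
            }
        }
    }
}

$Offsets | ConvertTo-Json | Set-Content $StateFile
$Hits    # only the matching entries leave the box; hand them to SAM, the event log, or a collector
```

On the first run a file is read from byte 0, so seed the offsets with the current file lengths if historic matches are not wanted.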