cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Agentless pull of event logs or log files

Agentless pull of event logs or log files


We have many critical systems that getting an agent on is a horrendous task and anytime anything goes wrong it will be the agents fault.  So I would LOVE to see an agentless pull.  This could be similar to how SAM looks at logs.  It can have credentials that log into the system, regardless of OS, and will go to the file you configure and grab the logs.

Since the technology is already there for SAM, I would think this would be doable.

Tags (1)
23 Comments
Level 8

I agree with you. Deploying agents all over the place is big issue. It is a big NO for Domain Controllers and the Server owners don't want anything installed in their servers. I worked with ArcSight before and I had didn't have to worry about agents for Windows logs.

Level 16

Many other companies are using RPC calls to pull the data.  This is a HUGE need and I am getting alot of flak from my fellow engineers and managers over this.  LogRythym is making fun of us and telling my managers we chose wrong...   We need to have an answer....  even just something official saying its on the roadmap with no date commitment...


Level 21

While I think that is a good idea, it also has some downsides to it.  Using the agent allows you to pull in other log files that are not necessarily associated with Windows that otherwise would be inaccessible.  You would also loose the security and distributed load capabilities; the agent handles the normalization and securing of the log transfer on the client side, if you use RPC you will loose those benefits as well.

Level 16

I hear ya, and where we can we will put the agents, but we have to test on over 700 diffent servers before it will be allowed, and some systems they just laugh at me.  So I see a mix for us of about 400 agents and 300 agentless....

fun fun....

Level 21

Ugg   I see your pain point there.  Until you have an agentless solution, do you have any good way to mass deploy those agents?

Level 16

I would get shot....  I am not allowed to touch it.  Windows or Linux or AIX teams must do the installs....


Level 8

Deploying agents is always a problem when you dont own the servers. It took 2 months to convince the system admin to install ONE agent in the domain controller and I still have 15 more to go. And as soon as there "think" there is a problem with the server, they point right at the agent and automatically remove them. I can understand having the agent installed for respond actions in LEM (which I don't tell the system admins that the agent can do or they will freak out) but just to gather logs I don't see the reason why. The LEM has connectors to remotely gather SQL logs, I would think is not a big deal to make one for remote logs.

Maybe if we cry enough to Nicole Pauls she can help us?....lol.... ...at least I see the Fireeye thing going after some crying...lol

Level 8

Well...just as I finished commenting here....the agent stopped working....sooo...now I have to go thru the pain of asking the system administrator to work with me and look at the agent...

Product Manager
Product Manager

To add to this discussion thread: we ARE looking at this, we DO have something in the works, but we're NOT yet ready to call it "what we're working on" or put any kind of timeframe on it. I hope to have the What We're Working On updated in the next few weeks and I'll let you know if it's there.

(I feel obligated to add the disclaimer: this is not meant to be a commitment to build this, or that we will deliver it on any specific timeframe. It's always possible priorities change)

Level 16

You guys are AWESOME!!!!   My managers will be very please I chose Solarwinds!!