2 Replies Latest reply on Dec 22, 2009 12:50 PM by viol8tor

    Solarwinds Log Forwarder Question.

    viol8tor

      Recently downloaded the Log Forwarder for Windows agent.

      Just need to know if any of the fields will support wild cards or regex when creating an event log subscription.

      For example, when defining the 'Users(s)' field, you need to specify the "computername\username" when matching for local username activity.

      Specifying just the 'username' will result in no matches.  

      I'm trying to package this up to deploy to hundreds of servers, but wanted to keep it simple as possible.

       

      Thanks,

      - v

        • Re: Solarwinds Log Forwarder Question.

          I tried to get the log forwarder working, and it just spiked my CPU to 100% and would never give it back.

           

          Before you got deploying it, give it a test run to see how it does for you.

           

          YMMV

          I'm running Snare without any problems right now.

           

          -Mark

            • Re: Solarwinds Log Forwarder Question.
              viol8tor

              Hello Mark,

              No issues running the Log Forwarder on my test boxes.  (The only major deployment concern I have is making sure .net 2.0 is installed on all the servers.)

              I have many instances of Snare installed without issue, with the exception of Snare Epilog. Epilog is problematic.

              Comparing Snare to SW Log Forwarder, I think the SW Log Forwarder is simpler and much more intuitive. SW should get kudos' for putting together a good, basic product. The only shortcoming I really see in the SW Log Forwarder is a lack of wild card support / regex support.

              Otherwise, one of my internal customers has a very specific requirement and the SW Log Forwarder would be perfect for the job, -  but knowing how my customers are, I'll probably end up installing a Splunk forwarder instead.  (SW Log Forwarder = Scalpel, Splunk Forwarder = Swiss Army Knife.)

               

              -v