The Event Log Management Suite from Dorian Software Creations is a collection of utilities--which can be purchased and run individually--that provide the ability to collect, archive, monitor, and analyze Windows event logs. The vendor boasts their product line as able to work with logs on remote PCs from a central PC without requiring agents on the remote PCs themselves. Rather, the products rely on Remote Procedure Calls (RPC) and Windows File and Print Sharing to collect and examine remote log files. According to the vendor, if you can perform an action against a remote log with Microsoft's Event Viewer, then their products will also have the access they need. The central PC upon which the product is installed can be a Windows NT4/2000/XP/2003/Vista/2008 computer, depending on the component installed.

Available components in the product suite include Event Archiver, Event Alarm, Event Analyst, and Event Rover.

Event Archiver provides for the collection and archiving of remote log files, including the ability to either clear the remote log file after it has been collected or "leave a copy" of the file for review by server-specific admins. Supported log file formats include both the EVT and the newer EVTX (used by Vista/2008) logs, including the ability to process both log formats side-by-side. (Note that the product must be installed on a Windows Vista/2008 machine to support EVTX log processing. This is true of all of the products below that support EVTX log formats.) Automatic database maintenance (for stored log data) is also supported.

Event Alarm is the monitoring tool of the platform, watching remote logs for defined events and supporting EVT and standard Windows Event Logs, as well as the syslog. Over 100 pre-defined alarms are included in the package, and when an alarm is triggered it can be delivered via E-mail alerts, network pop-ups, pagers, syslog forwarding, insertion to a target DB, or broadcast notifications (the latter made possible by individual admins running the product's custom notification program). Support for alarm grouping is also included.

The new release of Event Alarm will additionally support EVTX files.

Event Analyst is the reporting, filtering, and examination tool of the suite; like Event Archiver it supports both EVT and EVTX files, and it additionally supports comma-delimited text files, and Event Archiver compatible tables in Microsoft Access and ODBC databases. Features include view, filter, and data export; and the product ships with pre-packaged specialized log reports in HTML formats. Charting support is included, as is custom report creation features.

Finally, Event Rover is a log viewer tool specifically targeted to on-the-fly data analysis. Features include sorting and filtering of log data, and presentation in a tree-view. Event Rover supports the viewing of EVT format files, with the vendor noting that the product does not alter the original log but rather makes a copy and works from it.

The Event Log Management Suite is available now; the new release of Event Alarm is expected soon. Pricing is per computer to be monitored, and starts at about $70/per server and $30/workstation (Event Analyst pricing), with volume discounts available.

Contact the vendor for further information.