For those that manage Win2k/2k3 servers, how do you go about managing log files. Do you really have to use the event viewer to view them? With over close to 25k-30k log files, it seems impossible! HOW DO YOU DO IT!

For those that manage Win2k/2k3 servers, how do you go about managing log files. Do you really have to use the event viewer to view them? With over close to 25k-30k log files, it seems impossible! HOW DO YOU DO IT!

It all depends on what exactly your needs are in reviewing event logs.

You don't have to use the event viewer provided that you have a way of automatically "forwarding" those events to a database. Here are a few tools you can use to get started:

1. GFI Security Event Log monitor (http://gfi.com/lanselm/)
2. Snare for Windows (http://www.intersectalliance.com/projects/SnareWindows/index.html)
3. NTSysLog (http://ntsyslog.sourceforge.net/)

GFI provides some basic reporting functions, but to get anything tailored to your needs, you'll need to write your own SQL queries.

I admin ~30 servers here at work and I use the evnt logs as a troubleshooting tool, more than a daily maintenance regemine. I used to check the server logs every morning when I came in but it becomes so tediuos since Windows will ALWAYS have some event errors, multiplied by the number of systems you have . Those tools will help you if your boss demands that you do monitoring. I only check them when I know something is going wrong.

by federal & corporate regs where I used to work; we were not allowed to delete, overwrite, or clear any event log on any server until it had been archived as an evt and csv, and then written to removable media and stored. We ran GFI - SELM and a combination of vbscripts to do all of the reviews and archiving... total pain

I forgot about this one..
MOM: Microsoft's Operations Manager
http://www.microsoft.com/mom/