Event log management made easy

Since the days of ENIAC, systems administrators have had the difficult task of gathering, analyzing, and storing computer log files. Windows NT administrators are no exception. Although the NT Event Viewer reports useful system and user information, it lacks automated functions to properly manage its event files. Dorian Software Creations' Event Archiver Professional 2.0 is an affordable solution for managing NT event files on workstations and servers. Event Archiver automatically saves Event Viewer files to an NT *.evt event file or to a formatted text file that you can open in your favorite spreadsheet or database program. The product features flexible scheduling, the ability to run as a service, and archived event files.

Easy Does It
Event Archiver installation takes only a minute. Configuring the system using the Event Archiver Control Panel program is nearly as easy. As Screen 1 shows, you simply determine which event logs to archive, the archive schedule, and where to store the log files. You can set the program to archive either by day/date/time or when event logs are full. Next, choose an archive file type. You can use the standard NT event log format, a comma-delimited text file to import into a spreadsheet, or both. Now is also a good time to determine if you want to clear the event logs after archiving. When I selected a folder to store the archived files, I was disappointed that my only choice was a local folder and not a networked drive or Uniform Naming Convention (UNC) share. This is unfortunate, because the naming convention of the archive files (<system_name><log_file_type><archive_date/time>) is a very useful format. Ideally, you want to be able to store logs from different systems in the same folder and easily distinguish between them. I questioned DorianSoft technical support, who said that this is an NT limitation, not an Event Archiver limitation. The vendor is working on Event Archiver 3.0, which will include a remote administrator for multiple systems, which can move archived files to a central location. Even with this limitation, storing archived files on the local system is acceptable with proper backups.

Up and Running
Event Archiver, like any good NT product, installs and runs as an NT service. The product consumes minimal resources and creates few performance problems. This is one of those rare programs that you can install, forget about, and use regularly. I decided to do just that—install and configure the program, then let it go to see what information it archives. After several days, I was pleasantly surprised to see a folder list of well-identified archive files. My configuration creates both NT *.evt event log files and *.txt comma-delimited text files. The software will archive event files weekly for easy reference, and the text files will be useful for importing into spreadsheets and databases for reporting purposes and long-term analysis. I also selected the Backup and Clear function, which clears NT event logs after archiving to prevent excessive disk space usage. The Event Archiver Help file contains clear information about operation, troubleshooting, and company contact information. Unfortunately, the Help file is in HTML format and you need a browser to view it. A standard NT Help file would be more manageable.

As with any archive, the ability to easily extract needed information is the highest priority. For example, if you want to know what time Sandy Smith logged on June 21, 1998, you can look in the security event log; however, the security event log might log thousands of users, and chances are good that you won’t find the entry. Event Archiver saves those important log files based on a manageable time interval. Event Archiver can also assist with long-term analysis. Append the comma-delimited files to a spreadsheet or database to determine trends, such as how often in the past year an SNA event 23 occurred. A test importation into Microsoft Excel 5.0 showed proper delimited formatting with no deviation among columns. Opening an archived *.evt test file in Event Viewer functioned the same as opening a system-generated event file.
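The trend analysis described above, as an added example that is not part of the original review or of Dorian Software's product: it merges comma-delimited archives from several systems and counts one event ID per computer per month, skipping malformed lines instead of guessing at them. The column layout (the fields NT Event Viewer displays), the M/D/YY date format, the source name "SNA Server" and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumed layout: the columns NT Event Viewer displays, with a header row.
# The page does not document Event Archiver's actual column order.
FIELDS = ("Date", "Time", "Source", "Category", "Event", "User", "Computer")
HEADER = ",".join(FIELDS) + "\n"

# Constructed sample archives (not real log data), one per system.
SAMPLE_ARCHIVES = {
    "SRV1 application archive": HEADER
    + "5/30/98,11:00:00 PM,SNA Server,None,23,N/A,SRV1\n"
    + "6/02/98,1:10:09 AM,SNA Server,None,23,N/A,SRV1\n"
    + "6/19/98,4:44:51 PM,SNA Server,None,23,N/A,SRV1\n"
    + "6/19/98,4:45:02 PM,SNA Server,None,18,N/A,SRV1\n",
    "SRV2 application archive": HEADER
    + "6/03/98,2:00:17 AM,SNA Server,None,23,N/A,SRV2\n"
    + "not-a-date,2:01:00 AM,SNA Server,None,23,N/A,SRV2\n"
    + "6/20/98,truncated row\n",
}


def load_events(archives):
    """Merge archives into one list of rows; return (events, skipped_count)."""
    events, skipped = [], 0
    for text in archives.values():
        for row in csv.DictReader(io.StringIO(text)):
            try:
                if any(row.get(f) is None for f in FIELDS):
                    raise ValueError("short row")
                row["Day"] = datetime.strptime(row["Date"], "%m/%d/%y").date()
                row["Event"] = int(row["Event"])
            except ValueError:
                skipped += 1  # malformed line: count it, never guess
                continue
            events.append(row)
    return events, skipped


def monthly_counts(events, source, event_id):
    """Count one source/event ID per (computer, 'YYYY-MM')."""
    hits = (e for e in events if e["Source"] == source and e["Event"] == event_id)
    return dict(Counter((e["Computer"], e["Day"].strftime("%Y-%m")) for e in hits))
```

A nonzero skipped count is worth reviewing before trusting a trend, since a dropped line is a missing event in the totals.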

Event Archiver is a simple, yet effective, NT system tool to archive and organize event log files. I installed and ran Event Archiver on my test systems without errors, and its reasonable price tag means you can install it on all your servers without breaking your budget. You can purchase the software from the Dorian Software Creations' Web site.

Event Archiver Professional
Contact: Dorian Software Creations * 404-504-1340
Web: http://www.doriansoft.com
Price: $19.99 per system, with unlimited licensing for more than 250 systems
System Requirements: Windows NT Server 4.0