Looking for help in consolidating your Windows Event Logs? This Slideshare will help you to understand - What are logs? - What are they good for? - Why is it difficult to consolidate event logs? - A simple, free solution- SolarWinds Event Log Consolidator - Consolidating event logs using ELC tool - Measuring and Analyzing event logs

1. How-To effectively consolidate
Windows event logs
© 2013, SolarWinds Worldwide, LLC. All rights reserved.
1

2. Agenda
1. What are logs?
2. What are they good for?
3. Why is it difficult to consolidate event logs?
4. A simple, free solution- SolarWinds Event Log Consolidator
5. Consolidating event logs using ELC tool
6. Measuring and Analyzing event logs
7. Do you need more Event Log management?
SOLARWINDS EVENT LOG CONSOLIDATOR
2

3. What are logs?
» Logs are a mystery. They come in a variety of formats and are available
through several unique means.
» Logs are the means by which software keeps track of what's going on
"behind the scenes." Everything from the operating systems running on
your computers and devices to the databases that support your
applications generate logs.
» Oftentimes, logs are very granular, logging every step the software takes,
making them useful in many ways. Most IT professionals know at least
this much about logs, but the segment of that population that knows
what they're good for, much less how to read them, is significantly
smaller.
3

4. What are they good for?
LOGS FOR TROUBLESHOOTING
LOGS FOR COMPLIANCE
LOGS FOR PROACTIVE DETECTION AND REMEDIATION
Event log data is important for security, audit, compliance and
troubleshooting. But log data is high volume and very difficult
to collect manually and consolidate without a tool.
4

5. Why is it difficult to consolidate event logs?
» Native event logging mechanisms from Windows and Unix
systems & network devices don't have built-in consolidation,
archiving, alerting and reporting features, required to
effectively utilize event data.
SOLARWINDS EVENT LOG CONSOLIDATOR
5

6. A simple, free solution
SolarWinds Event Log Consolidator
» A free tool that gives you the ability to view, consolidate & dismiss event
logs & correlate issues among multiple Windows systems from central
location
» Allows viewing Windows Event Log messages from up to 5 servers
running Windows Server
» Also allows you to:
• Compare event volume side-by-side for multiple computers
• Generate alerts for critical events
• Pinpoint events of interest using custom filters
SOLARWINDS EVENT LOG CONSOLIDATOR
6

7. Consolidating event logs using ELC
Enter the IP Address
Enter the Username
Use this option for
adding up to 5 servers
SOLARWINDS EVENT LOG CONSOLIDATOR
7

8. Consolidating event logs using ELC ( Contd..)
Multiple
servers
Graphical
representation
with color
differentiation
Event
Details
SOLARWINDS EVENT LOG CONSOLIDATOR
8

9. Measuring and Analyzing Event logs
Allows you to check
events by time period
Allows you to check
by log type
SOLARWINDS EVENT LOG CONSOLIDATOR
9

10. Analyzing Events
You can add or delete
servers for which you
need to consolidate
event logs
SOLARWINDS EVENT LOG CONSOLIDATOR
10

11. Managing Alerts
» You could manage alerts by triggering alerts for events or
silencing the not so key ones.
SOLARWINDS EVENT LOG CONSOLIDATOR
11

12. Managing Filters
» Filters helps you to filter the according to the type of events
you need to monitor or the ones that are important to you
SOLARWINDS EVENT LOG CONSOLIDATOR
12

13. Watch Event Log Consolidator in Action
SOLARWINDS EVENT LOG CONSOLIDATOR
13

14. Do you need even more Log Management?
Yes, if:
» Apart from consolidating events from Windows servers, you also need
to:
 Support log and event data from various devices
 Have an automated process to take corrective action against threats
 Comply with external regulations like PCI DSS , GLBA, SOX, NERC CIP,
HIPAA, & more
» Guess what, SolarWinds Log and Event Manager (LEM) can come to your
rescue!!
SOLARWINDS EVENT LOG CONSOLIDATOR
14

15. How is it different from the free tool?
Use Case Free Event Log Consolidator Log & Event Manager
Consolidates log events across multiple
Up to 5 Unlimited
Windows systems
Filtered views based on event criteria Yes Yes
Real-time dashboard with visualizations No Yes
Consolidates log events across Syslog,
No Yes
SNMP, flat log files, databases & APIs
Real time filters based on multiple
criteria and information about your No Yes
environment
Over 700 rules, alerts filters and reports
No Yes
for security & compliance best practices
USB Detection & Prevention No Yes
Long-term centralized storage with
No Yes
historical search & analysis
Get up and running and monitoring in
Yes Yes
about an hour
SOLARWINDS EVENT LOG CONSOLIDATOR
15

16. Test Drive a Demo or Free Trial
» Log Collection, Analysis, and Real-Time Correlation
» Collects log & event data from tens of thousands of devices & performs true real-time
correlation
» Powerful Active Response technology enables you to quickly & automatically take
action against threats
» Advanced IT Search employs highly effective data visualization tools – word clouds,
tree maps, & more
» Quickly generates compliance reports for PCI DSS , GLBA, SOX, NERC CIP, HIPAA, &
more
» Out-of-the-box correlation rules, reports, & responses enable speedy deployment in
an hour or less
SOLARWINDS EVENT LOG CONSOLIDATOR
16

17. Thank You!
SOLARWINDS EVENT LOG CONSOLIDATOR
17