Feature List
A Centralized Solution
Event log data is collected remotely & securely across the network using Microsoft's own purpose-built technologies. For real-time monitoring this approach typically has much less impact on server resources than agent-based solutions.
A single license for LogMeister and EventMeister allows you to monitor as many machines/logs as the host hardware can handle. There's no additional license inventory burden as you add more machines to your network; just define new feeds for each new log that you need to monitor.
Since nothing need be installed on the servers being monitored, maintenance is limited to the single Windows PC on which LogMeister/EventMeister is running.
Other than a few small configuration changes to allow remote event log collection, no changes are made to the computers being monitored, and nothing is installed.
Log Monitoring
By default real-time monitoring is used for security and other event logs, while scheduled monitoring is used for all other log types. However, scheduled monitoring is also available for event logs, which has the ability to collect historical data.
For older systems (e.g. 2003 server) WMI is used for log collection. Newer systems (2008/2012 server, Windows Vista, 7, 8, 10) have the choice of continuing to use WMI, or to use Microsoft's newer purpose-built event log technology that can read the additional log types that are generated by the more recent OS releases.
In addition to Windows event logs and Unix/Linux syslog, LogMeister can monitor text-based logs in a wide range of formats including IIS Server, Apache and firewall logs. It can also extract data from XML and RSS feeds.
Use sophisticated rule-based filtering on each log feed to eliminate "background noise" events during collection, when viewing, and also when generating reports or exporting data to file.
Event Notification Actions
Define triggering rules for specific events and event sequences, and fine-tune sensitivity to ensure that an appropriate level of action is taken.
Alert emails with parameterized subject lines can be sent directly to multiple recipients, with optional attachments and log excerpts.
Forward any log entry to syslog server(s) of your choice.
Via 3rd party gateways, alert emails can be used to send texts, trigger pager alerts and raise tickets in service management systems.
Provide parameterized command lines to be executed automatically when an alert situation occurs.
Buffer-up noteworthy events in separate logs and email them to appropriate staff automatically.
Optionally deliver real-time visual and audio alerts directly via the front-end app.
Log Viewing and Analysis
Browse through collected data form all log feeds via the viewer in the front-end app.
Combine data from any of the log feeds you've defined to create a live unified, time-sorted view which can itself generate alerts, exports and reports.
Define powerful rule-based filters to expose only the most relevant events in the current view.
Data from any feed can be opened in its own window, allowing you to compare event data from multiple sources side-by-side.
Reports and Data Export
- On demand or by recurring schedule
- When an internal data store reaches a specified capacity
- In response to a specific event occurring in a log
- Multiple reports per feed
Log data from any source can be exported on demand or by schedule in a variety of formats including: HTML, CSV, XML and RSS. An optional parameterized post-processing command can be executed immediately on completion of the report/export and the file can be automatically emailed to a list or recipients.
Additionally, log data can be sent to an external database via ODBC (SQL Server and MySQL currently supported).
Data Storage
The data from each source is held in its own non-proprietary database file (SQLite) - no external DB software is required.
Automatically manage the store size via scheduled archival or size trigger.
Export collected log data in a variety of formats for archival, storage in external DB etc.
A range of 3rd party tools exist for reading LogMeister's SQLite database format, increasing the potential for integration with external systems.
Unlimited Scalability
Many business require only a single license to cover all their monitoring needs; simply define more log feeds as your network grows.
Purchase additional copies of LogMeister/EventMeister to spread the monitoring burden over multiple machines in large networks.
LogMeister's affordable licensing model opens up the possibility of duplicating monitoring installations for redundancy.