Hi Habr! A few years ago, we ran into a problem perhaps familiar to most companies doing business on the Internet - how to monitor servers efficiently and eliminate as much as possible unexpected outages?
Servers running Windows Server have a very efficient source of information about system operation, event logs (Window Event Logs). There you can find almost everything, reports on problems reading / writing hard drives before trying to guess passwords through external services. However, the event logging interface does not provide convenient connectivity to them remotely. Most system administrators have to go to each server individually and rummage through the thousands of events generated by the system every few hours.
')
Software solutions that make the system administrator's work a little easier and collect all the necessary data on one screen is quite expensive. For example, the set of tools for monitoring logs from Solarwinds.com costs from $ 2500.
A couple of years ago, we developed a small service for our internal use that collected data from their event logs and sent everything to a single database. From there, all this was displayed on the administrative page and the review of what happened since the last inspection began to take only a few minutes a day.
It was quickly discovered that the service should be refined, add filters to hide events that are not important and create an alert service so that we can quickly inform administrators when critical events began to appear in the log.
So our project was born - WinLogViewer.com. A free service for monitoring event logs on Windows servers.
Last Christmas and New Year holidays we launched a public version of our service that allows you to monitor up to three servers for free. In the next few weeks, we will add the ability to pay via PayPal, and if you have more than three servers, you can subscribe to one of our low-priced service packages and just as we can easily control all your servers from one screen and in a convenient format. .
How it works?
Windows does not provide built-in capabilities to access event logs remotely. Therefore, we have developed a small system service that checks the logs every few minutes and sends new entries to WinLogViewer. All you need to get started with our service is to register, create accounts for each of your servers and download our application - WinLogViewer Monitoring Agent. It is generated automatically for each of your servers, so for the work you do not have to enter any settings, just make the installation.
Security
Of course, we understand that administrators are wary of everything that requires running on a corporate server, but we have nothing to hide. Our Monitoring Agent is written in C # .net and we will gladly provide its sources for anyone interested in the integration of our product to legal entities. Your specialist will be able to make sure that there are no spyware or malicious modules in the code, compile and install the agent on your servers. To do this, you need to contact us, sign a non-disclosure agreement and download the source code.
Your data is stored on our servers in the United States and the Netherlands in encrypted form. Only authorized users of your organization have access to them.
Filters
After you have configured your servers to work with WinLogViewer and started receiving hundreds of event log entries, it's time to set up filters to filter out events that do not require your attention. To make it extremely simple, in every log there is an option to add a filter where you can filter out events that contain or do not contain a keyword. To further simplify the creation of filters, we added the [Filter out like this] button to each event in the logs, this allows literally a couple of minutes to clear the magazines from informational garbage and draw attention to real problems.
You can create filters and make them available to your colleagues, which makes it much easier to create individual settings for each user.
Alerts
With WinLogViewer, monitoring logs has become much easier, but of course it is better if the service itself notifies you if events suddenly appear in the system that require immediate attention. To do this, we created Alerts Service that monitors incoming events and notifies specified persons when certain keywords appear in the records. Configuring alerts as well as filters is available in each log and having created one setting, you can apply it to all other servers and their logs. As a recipient, you can choose both registered users in the service, or just an email address. Thus, you can easily configure the sending of reports to people who are responsible for certain projects or sections of the network.
Scheduled reports
Do you want WinLogViewer to report on what happened on your servers while you were sleeping? Nothing is easier! Create a schedule distribution of reports (Scheduled Reports), specify the time when it is convenient for you to receive them and indicate the keywords that it is important for you to track. For example, every morning in your mailbox will be waiting for you a report in the last 24 hours on topics of interest to you.
Other buns
Of course, you can create accounts for your colleagues and give them read-only access to logs or full administrator rights.
Under each event, you will find the [Email] button to send event details to your colleagues.
We recently added search through all event logs, which makes searching for certain events even easier.
Future plans
In the coming weeks, we will add the ability to pay for our services through PayPal. This will allow you to connect the SMS alert service and purchase the required number of credits for messages.
The corporate version of our service is being debugged and can be purchased and installed on a closed network. If your organization is interested in the internal integration of WinLogViewer contact us. For several pilot plants, we will offer good discounts and convenient technical support.
We are interested in developing event monitoring modules for unix systems. If you have programming experience in this area and wish to participate in the development, contact us.
We hope you find our service useful and I will be happy to answer your questions.
Use for free,
WinLogViewer.com
Update: For unknown reasons, some letters sent to mail.ru do not reach the addressee. If you have registered and have not received an email to confirm your email address, please contact us at accounts@winlogviewer.com and we will quickly activate your account.