Log Manager Roundup

Hunting through yet another Windows event log is often a necessary but time-consuming chore. One tool that can simplify this task is a Windows event log manager. An event log manager can help you more easily monitor and manage your event logs, find specific events, and generate reports.

Taking 5 Log Managers for a Spin
For this log manager roundup, I looked at five different Windows log managers. Depending on your needs, any of these five products would be a good alternative to the standard Windows event viewer.
• FSPro Labs' Event Log Explorer
• Altair Technologies' Event Reader 2
• Dorian Software Creations' Event Analyst
• Technology Lighthouse's EventMeister
• Corner Bowl Software's Corner Bowl Log Manager 2009

All five products support the EVT format used by Windows Server 2003 and Windows XP to save event log files, but not all support the EVTX format, which Windows Vista and Windows Server 2008 use for event log files.

To test the log managers, I installed each one under Windows 2003 as my base OS. I also installed products compatible with Vista and Server 2008 under those two systems to confirm compatibility and make sure they could read EVTX files directly.

Of the five, the only program incompatible with Vista or Server 2008 was Event Reader 2. However, the company said that Event Reader 3 will support the newer OSs, though no release date was given.

Event Log Explorer, Event Analyst, Event Meister, and Corner Bowl Log Manager run on Windows Server 2008/Vista/2003/XP/2000/NT; Event Reader 2 runs under Windows 2003/XP/2000.

Event Log Explorer 3.1
FSPro Labs’ Event Log Explorer (see Figure 1) provides a no-frills window with a treeview of the computer on which you installed the program. You drill down on your current machine to see branches for each separate log file and double-click each log to open a list of its events in a table.

Double-clicking a specific event opens a separate window consolidating information about the event type, date, time, and more. You can also find links to Microsoft’s Knowledge Base and to the Event ID database, a web-based repository of Windows event log information.

From the UI, you can add other computers to the treeview. A wizard automatically scans for other computers based on their role on the network.

If you want to see just one specific log from another computer rather than all logs, you can run the Open Log command instead, browse the network or domain, then choose the machine. That command also lets you open existing EVT or EVTX log files from your local computer or any networked machine. To manage the many logs from different computers, you create multiple workspaces, each one storing a different tree of logs.

To sort the events displayed in the main window, you can click on any column heading. To narrow the events displayed, you can apply filters by running the Filter command. The filtering system is very effective, offering a nicely-designed dialog box. You can save any filter and apply it to other logs.

A convenient Quick Filter option is also available to filter the log based on your current selection. To limit the number of events loaded, you can also prefilter events before they open. You can also search through all the displayed events using the Find command.

Event Log Explorer lets you save any log as an EVT or EVTX file, so you can keep a running archive. The software offers both manual and automated processes for backing up.

You can export any log from Event Log Explorer into HTML to generate a report, or save it as a text file or Excel spreadsheet to incorporate into a database. You can choose to export all events or only selected ones, and include or exclude event descriptions, but nothing more. However, it doesn’t include a scheduling feature, so you can’t automatically generate a report and have it emailed.

Event Reader 2
Event Reader 2 from Altair Technologies (see Figure 2) displays a treeview of your local computer, and you can drill down to see branches for each of the individual event logs. Clicking on a specific log displays its events and event properties. An Event Properties window displays a description of the event you select and its individual properties. Clicking the Event ID for a specific event brings you to the Event ID database, the web-based resource started by and still maintained by Altair Technologies.

By default, Event Reader displays the logs for the computer on which it’s installed. You can add additional computers to monitor. Event Reader 2 supports only EVT files, not EVTX.

You can easily sort the events in any list by clicking on the heading for each column. Event Reader offers several useful options to filter your data. A toolbar across the top displays buttons for each of the different event types, such as error, warning, and information. By default, each button is turned on, but you can also exclude that type from the display.

More advanced filtering options also are available, including filtering by event type, by date and time, and by event ID and source. The filter options were smoothly presented and simple to use. Event Reader offers no specific method to search for events. But in most cases, filtering provides a more efficient way of seeing events based on specific criteria.

To create a report, you can export an event log into HTML. Event Reader provides a few basic but helpful options to format your HTML report, letting you choose the font, point size, and colors. You can also save a log directly to an FTP server, which simply uploads it as an HTML report. And you can export event log data to a database.

The scheduling feature is impressive. You can schedule a report to be generated daily or at other intervals. You can set up the report to be saved in a specific location, emailed to you, uploaded to an FTP server, saved in a database, or all of those options. To limit the information in the report, you simply set up a filter.