October 26, 2004 12:00 AM

Event Response

Three event-log monitoring tools that keep your reaction time to a minimum
Windows IT Pro
InstantDoc ID #44093

EventTracker
EventTracker uses a fully agent-based architecture, perhaps because it provides other monitoring functionality.

EventTracker supports a wide range of alerting options, including email, command execution, SNMP generation, and pop-ups. EventTracker requires you to have its RemoteViewer component open to receive pop-up alerts. Of the three products, only EventTracker includes an alert console that offers acknowledgement and resolution-notes capability. EventTracker is also the only product that provides threshold alerts.

EventTracker's agent pushes the server's event logs in EVT format to a central file server. Alternatively, it will archive them on each server and provide MD5 hashes of the event logs so that you can prove they haven't been modified after they're archived. Using a proprietary application protocol, EventTracker's agent also sends events to the central console, from which you can run reports. You can configure the console to use UDP or TCP, depending on whether you want less burden on your network (UDP) or guaranteed delivery of events (TCP). The ports are documented, so you can pass data through firewalls if necessary.
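The archive-and-hash scheme described above, as an added example rather than EventTracker's own code: it hashes the archived .evt files into a manifest and later checks them for changes. SHA-256 and a keyed HMAC over the manifest are swapped in for the product's MD5, because a plain hash stored beside the logs can be recomputed by whoever edits them; the key, file names and log contents are all constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Hypothetical key held by the central console, not by the monitored server; constructed for the demo.
MANIFEST_KEY = b"constructed-demo-key"

def file_digest(path):
    """SHA-256 of a file, read in 64 KB chunks so large archives are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(archive_dir, key=MANIFEST_KEY):
    """Hash every archived .evt file and MAC the manifest, so editing a log and
    recomputing its stored hash is not enough to pass verification."""
    entries = {name: file_digest(os.path.join(archive_dir, name))
               for name in sorted(os.listdir(archive_dir)) if name.lower().endswith(".evt")}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_manifest(archive_dir, manifest, key=MANIFEST_KEY):
    """Report a forged manifest, or lists of modified, missing and unexpected archive files."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), manifest["mac"]):
        return {"manifest_forged": True}
    present = {n for n in os.listdir(archive_dir) if n.lower().endswith(".evt")}
    report = {"manifest_forged": False, "modified": [], "missing": [], "unexpected": []}
    for name, digest in manifest["entries"].items():
        if name not in present:
            report["missing"].append(name)
        elif file_digest(os.path.join(archive_dir, name)) != digest:
            report["modified"].append(name)
    report["unexpected"] = sorted(present - set(manifest["entries"]))
    return report

def demo():
    """Constructed archive of two fake EVT files; one is altered after the manifest is built."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("SecEvent-2004-10-01.evt", "SysEvent-2004-10-01.evt"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"constructed fake event log body for " + name.encode())
        manifest = build_manifest(d)
        with open(os.path.join(d, "SecEvent-2004-10-01.evt"), "ab") as f:
            f.write(b" tail appended after archiving")   # simulate a post-archive edit
        return verify_manifest(d, manifest)
```

Calling demo() flags the Security log as modified while the System log passes; the manifest itself must live somewhere the monitored server cannot write to, or the check proves nothing.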

EventTracker provides some prebuilt reports for common events. The product lets you create detailed reports or summaries and doesn't require you to write SQL. Also, EventTracker provides links to extra details about specific event IDs through its Web-based event-log knowledge base.

In addition to its event-log monitoring functionality—which you can see in Figure 2—EventTracker has many other built-in monitoring features, providing reports on disk and CPU utilization, disk space, software installation, services, Web site availability, system uptime and downtime. Also, EventTracker provides two-way SNMP support for both monitoring for SNMP messages and generating SNMP messages as an optional alert method. Finally, EventTracker lets you schedule reports for regular execution, followed by automatic email delivery to specified recipients.



EventTracker, Protector Edition
Contact: Prism Microsystems * 410-953-6776
Web: http://www.eventlogmanager.com
Price: $999 for a five-server license
Summary
Pros: EventTracker packs a lot of additional functionality beyond the three core event-log management functions of alerting, archiving, and reporting
Cons: Along with the extra functionality comes a mandatory agent for each server you monitor
Rating: 4 out of 5
Recommendation: Good value for the money, especially if you need to monitor other Windows components besides the Security log and don't mind installing agents on each server.


ServScan
ServScan provides bare-bones event-log monitoring and alert services but no reporting or log-archival features. It's a completely agentless product that can manage remote event logs from one software installation. You can create groups of servers and alert rules so that you don't have to repeatedly redefine your alert logic.

ServScan supports NetBIOS pop-up messages, and, interestingly, ServScan is the only product of the three featured in this comparative review to offer any type of flood prevention. ServScan's only other distinguishing feature is its comprehensive support for sending pages directly via modem. ServScan lets you send alphanumeric pages or numeric-only pages, as Figure 3 shows. Unfortunately, I experienced frequent crashes with the ServScan GUI. However, I had no problems with the service that performs the actual monitoring.
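Threshold alerting (EventTracker) and flood prevention (ServScan) as one added example, not code from either product: a sliding-window rule over a constructed event feed fires once the count is reached and then holds repeat alerts for that host during a cooldown, counting what it swallowed. The feed format, host names and rule parameters are assumptions; event ID 529 is the pre-Vista Security log logon-failure event.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample feed ("timestamp,host,event_id") standing in for the Security log.
SAMPLE_EVENTS = """\
2004-10-26 09:00:00,FS01,529
2004-10-26 09:00:10,FS01,529
2004-10-26 09:00:20,FS01,529
2004-10-26 09:00:25,FS02,529
2004-10-26 09:00:30,FS01,529
2004-10-26 09:00:40,FS01,529
2004-10-26 09:00:50,FS01,529
2004-10-26 09:01:00,FS01,529
2004-10-26 09:06:00,FS01,529
"""

class ThresholdRule:
    def __init__(self, event_id, threshold, window, cooldown):
        self.event_id, self.threshold, self.window, self.cooldown = event_id, threshold, window, cooldown
        self.recent = defaultdict(deque)     # host -> timestamps still inside the window
        self.hold_until = {}                 # host -> time until which alerts are held
        self.suppressed = defaultdict(int)   # host -> alerts swallowed during a hold

    def feed(self, ts, host, event_id):
        """Return an alert dict for this event, or None (below threshold or held)."""
        if event_id != self.event_id:
            return None
        q = self.recent[host]
        q.append(ts)
        while ts - q[0] > self.window:       # drop events that aged out of the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        if ts < self.hold_until.get(host, ts):
            self.suppressed[host] += 1       # threshold still exceeded during cooldown: hold it
            return None
        self.hold_until[host] = ts + self.cooldown
        return {"host": host, "event_id": event_id, "count": len(q), "at": ts}

def run_sample(events=SAMPLE_EVENTS):
    """Replay the feed through one rule: 5 x 529 within 60 s, then a 5-minute cooldown."""
    rule = ThresholdRule(529, 5, timedelta(seconds=60), timedelta(minutes=5))
    alerts = []
    for line in events.strip().splitlines():
        stamp, host, eid = line.split(",")
        alert = rule.feed(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), host, int(eid))
        if alert:
            alerts.append(alert)
    return alerts, dict(rule.suppressed)   # one alert for FS01, two more held by flood prevention
```

run_sample() fires once at 09:00:40 for FS01 and holds the two alerts that would otherwise follow at 09:00:50 and 09:01:00; FS02's single event never reaches the threshold.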



ServScan
Contact: Omnitrend Software * 860-673-8910
Web: http://www.omnitrend.com
Price: $299 for a five-server license
Summary
Pros: If your email infrastructure is down and you need out-of-band paging, ServScan is an option with its healthy pager support
Cons: Among alerting, archiving, and reporting features, ServScan provides only alerting
Rating: 2 out of 5
Recommendation: At $60 a server, ServScan might have you opting for the more substantial functionality of a product such as Event Alarm.


Recommendation
At about $60 a server, ServScan is difficult to recommend even strictly as a monitoring and alert solution. You can spend just a little bit more and get much more functionality, such as Syslog monitoring and the ability to send alerts to a database, with Event Alarm. So the choice essentially comes down to EventTracker and Dorian's suite. But making a recommendation between those two products is difficult because both companies have put a lot of impressive work into their respective products and EventTracker's cost is similar to that of Dorian's suite. Both tools are easy to install and manage. Each product offers unique features that I appreciate. Dorian's modular architecture makes agents optional and lets you report on multiple event logs without requiring a central database. EventTracker packs a lot of functionality above and beyond event-log management—including monitoring text-based log files, performance counters, network ports, and system services—but those features are beyond the scope of this comparative.

If you need to integrate your event-log management solution with other monitoring solutions (or UNIX- or Linux-based systems), or you need to monitor routers and other devices, EventTracker's support of SNMP and Syslog will be important to you. But if you're looking for any combination of best-of-breed event log alerting, reporting, and archiving, Dorian's suite takes the cake. I didn't look at products that focus mainly on the Security log. If you're looking for event-management tools in that arena, check out the tools that Table 2 lists.


Comments
  • Anonymous User
    Mar 03, 2005

    Dorian's Event Alarm, Event Archiver, and Event Analyst are the best products on the market. We evaluated all of them and then purchased Dorian's products based on performance and reliability.

  • harry-o
    Oct 26, 2004

    If you want a great agentless monitoring solution, I just came across this new company called Integrien. Their product does network and application monitoring. Great dashboard too.
