
Learn IT, and Deploy IT: How to consolidate your Microsoft log files

Tuesday DECEMBER 2nd 2-5 – Microsoft in San Francisco

I’m working with a company that has 15 servers, a firewall, spam filter, and many core applications. The servers, firewall, and spam filter all generate log files. The problem I face as an IT Admin is that I do not have enough time to read through all of the log files. The other problem I have is that all of the log files have slightly different formats, so even if I was able to consolidate all of the log files, how do I search through them looking for specific events (like a security breach or power hiccup)? Sound familiar?

I found one. And not only does it consolidate Microsoft server log files (the log files you use Event Viewer to look at: Application, Security, System Log), it will also “read” in application logs (such as SQL, Exchange, Antivirus) and syslogs from appliances (firewalls, spam filters), routers and almost anything else that generates a log file.

Using one simple, easy-to-use interface I can now view all of my log files and even graph out historical events. I’m thinking if I have this need, my fellow IT Professionals must have the same need too.

I contacted the company that created this program, Splunk, and asked them if they would do a Learn IT, and Deploy IT class for Pac IT Pros members. Not only are they going to do a live hands-on deployment class, you will leave with a free copy of Splunk for you to use at work. The copy of the software you receive is fully functional; it is not time bombed. There is one limitation: the size of the consolidated log file has a 24hr day size restriction. For most small and mid-size businesses this will not be an issue unless you have a device gone crazy generating events like crazy. The next day Splunk will be fully functional.


This is a hands-on training class. You will need to bring a computer capable of running one VMware (preferred) or VirtualPC VM. (A fairly modern computer with 1 gig or more of RAM is all you need.)

In this 3-hour class you will learn how to install, configure and use Splunk’s log file consolidator. You will walk away with enough knowledge so that you can return to work and deploy it and use it. Cost for the class, which includes a free version of Splunk, is $100.


Last Updated on Wednesday, 22 October 2008 16:28