Network Event Viewer - Event Log Consolidation
Network Event Viewer enables System Administrators to consolidate event logs on the local network and from multiple sites (WANs) using Microsoft SQL Server or MySQL as the event log repository.
Unlike many event log consolidation products, Network Event Viewer uses an open database schema that is simple to query directly.
Archiving
Event log consolidation is an important, and often mandatory, requirement of regulatory compliance regimes such as Sarbanes-Oxley.
System administrators can configure the software to automatically archive event log entries older than a configurable number of days.
Archived entries that meet specific date criteria are in turn removed automatically.
When using the file system to store consolidated logs, entries are moved to files in a sub-directory to the repository directory called Archive.
When using a database to store consolidated logs, entries are moved to another table called [computer]_[event log]_archive.
The table format is identical to the primary table.
No Maximum Size Limit
Unlike the Windows Event Logs, which have a maximum size limit, Network Event Viewer does not impose a limit unless the user configures one.
In other words, users do not need to worry that event log entries will be overwritten, as happens when a Windows Event Log fills up. The practical limit is the storage behind the repository, so the archiving settings above are what keep the live tables and the archive from growing without bound.
Supported Event Log Consolidation Formats
- Microsoft SQL Server 2000 & 2005
- MySQL 5.0
- Local or Remote Files
Microsoft SQL Server Database Schema
The database schema is straightforward. There are 4 fixed tables plus one table (and one archive table) for each consolidated event log.
Tables
| Table | Contents |
| --- | --- |
| host_log | Contains a list of all consolidated event logs. |
| type | Contains the 5 different event types: Information, Warning, Critical, Success Audit, and Failure Audit. |
| filter_action_event | Contains all entries that pass assigned filter criteria during a download. |
| version | A version table necessary for schema updates. |
Event Log Table Schema
| Column | Description |
| --- | --- |
| [entry_id] [int] IDENTITY(1,1) NOT NULL | The primary key. |
| [type_id] [int] NOT NULL | Foreign key to the 'type' table. |
| [date] [datetime] NOT NULL | The date and time the event occurred. |
| [source] [varchar](256) NULL | The source of the event. |
| [category] [varchar](256) NULL | The event category. |
| [event] [int] NULL | The event ID as seen in the Windows Event Viewer. |
| [user] [varchar](256) NULL | The user that caused the event to occur. |
| [message] [varchar](4096) NULL | The event message. |
| [data] [varbinary](2048) NULL | The event data. |
| [ext_alert_state] [int] default 0 NOT NULL | An alert flag that states whether the entry passed assigned filter criteria during a download. |
| [ext_flag_state] [int] default 0 NOT NULL | Follow-up flag set by the user from the event log viewer. |
| [identifier] [bigint] NULL | The event ID. |
| [categoryID] [int] NULL | The event category used when exporting event logs to the Windows EVT file format. |
| [strings] [varbinary](4096) NULL | The event replacement strings used when exporting event logs to the Windows EVT file format. |
| [notes] [varchar](4096) NULL | User-assigned notes. |
| [host] [varchar](256) NULL | The host the entry was originally sent from. |
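The following T-SQL is an added example and is not Network Event Viewer's own code. It ties together the two mechanisms described on this page: it builds one per-log table from the column list above, shows what "moving entries older than N days to [computer]_[event log]_archive" looks like as SQL, and then queries live and archived rows together, which is the point of an open schema. The host/log pair SERVER01/Security, the column names of the [type] table ([type_id], [name]), the 90-day retention window and the sample rows are all assumptions made for the illustration; the product's own internal statements may differ.

```sql
-- Added example; this is not Network Event Viewer's own code. It uses the table
-- and column layout documented above. Assumed for illustration only: a host/log
-- pair SERVER01/Security (tables [SERVER01_Security] and
-- [SERVER01_Security_archive]), the column names of the [type] table
-- ([type_id], [name]), a 90-day retention window, and the constructed sample rows.
-- Written as T-SQL for Microsoft SQL Server.

-- 1. The [type] lookup table holding the five event types listed above.
CREATE TABLE [type] (
    [type_id] INT NOT NULL PRIMARY KEY,
    [name]    VARCHAR(32) NOT NULL
);
INSERT INTO [type] ([type_id], [name]) VALUES (1, 'Information');
INSERT INTO [type] ([type_id], [name]) VALUES (2, 'Warning');
INSERT INTO [type] ([type_id], [name]) VALUES (3, 'Critical');
INSERT INTO [type] ([type_id], [name]) VALUES (4, 'Success Audit');
INSERT INTO [type] ([type_id], [name]) VALUES (5, 'Failure Audit');

-- 2. One per-log table, reproduced from the column list above.
CREATE TABLE [SERVER01_Security] (
    [entry_id]        INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    [type_id]         INT NOT NULL REFERENCES [type] ([type_id]),
    [date]            DATETIME NOT NULL,
    [source]          VARCHAR(256) NULL,
    [category]        VARCHAR(256) NULL,
    [event]           INT NULL,
    [user]            VARCHAR(256) NULL,
    [message]         VARCHAR(4096) NULL,
    [data]            VARBINARY(2048) NULL,
    [ext_alert_state] INT NOT NULL DEFAULT 0,
    [ext_flag_state]  INT NOT NULL DEFAULT 0,
    [identifier]      BIGINT NULL,
    [categoryID]      INT NULL,
    [strings]         VARBINARY(4096) NULL,
    [notes]           VARCHAR(4096) NULL,
    [host]            VARCHAR(256) NULL
);
-- The archive table has the identical column layout. SELECT ... INTO with a false
-- predicate copies the columns (IDENTITY included, constraints and defaults not)
-- without copying any rows.
SELECT * INTO [SERVER01_Security_archive] FROM [SERVER01_Security] WHERE 1 = 0;

-- 3. Constructed sample data: one 120-day-old successful logon and a burst of
--    six failed logons in the last few minutes, all for host SERVER01.
INSERT INTO [SERVER01_Security] ([type_id], [date], [source], [event], [user], [message], [host])
VALUES (4, DATEADD(DAY, -120, GETDATE()), 'Security', 528, 'CORP\alice', 'Successful Logon', 'SERVER01');
DECLARE @i INT;
SET @i = 0;
WHILE @i < 6
BEGIN
    INSERT INTO [SERVER01_Security] ([type_id], [date], [source], [event], [user], [message], [host])
    VALUES (5, DATEADD(MINUTE, -@i, GETDATE()), 'Security', 529, 'CORP\bob',
            'Logon Failure: Unknown user name or bad password', 'SERVER01');
    SET @i = @i + 1;
END;

-- 4. What "archiving entries older than N days" looks like as SQL: rows past the
--    cutoff are moved into the _archive table. IDENTITY_INSERT keeps the original
--    entry_id so archived rows stay referenceable; a single cutoff value and one
--    transaction keep the copy and the delete consistent with each other.
DECLARE @cutoff DATETIME;
SET @cutoff = DATEADD(DAY, -90, GETDATE());
BEGIN TRANSACTION;
SET IDENTITY_INSERT [SERVER01_Security_archive] ON;
INSERT INTO [SERVER01_Security_archive]
    ([entry_id], [type_id], [date], [source], [category], [event], [user], [message], [data],
     [ext_alert_state], [ext_flag_state], [identifier], [categoryID], [strings], [notes], [host])
SELECT [entry_id], [type_id], [date], [source], [category], [event], [user], [message], [data],
       [ext_alert_state], [ext_flag_state], [identifier], [categoryID], [strings], [notes], [host]
FROM [SERVER01_Security]
WHERE [date] < @cutoff;
SET IDENTITY_INSERT [SERVER01_Security_archive] OFF;
DELETE FROM [SERVER01_Security] WHERE [date] < @cutoff;
COMMIT TRANSACTION;

-- 5. Querying the open schema directly: accounts with five or more Failure Audit
--    events on a host in the last 24 hours, searching live and archived rows alike.
SELECT l.[host], l.[user], COUNT(*) AS failures
FROM (
    SELECT [host], [user], [type_id], [date] FROM [SERVER01_Security]
    UNION ALL
    SELECT [host], [user], [type_id], [date] FROM [SERVER01_Security_archive]
) AS l
JOIN [type] AS t ON t.[type_id] = l.[type_id]
WHERE t.[name] = 'Failure Audit'
  AND l.[date] >= DATEADD(DAY, -1, GETDATE())
GROUP BY l.[host], l.[user]
HAVING COUNT(*) >= 5
ORDER BY failures DESC;
```

With the sample data, step 4 moves the 120-day-old row into [SERVER01_Security_archive] and step 5 returns one row (SERVER01, CORP\bob, 6). Two points a practitioner should keep in mind: because the archive table has the same layout as the live table, any reporting query over the consolidated logs should UNION both tables or it will silently miss everything past the retention window; and the product performs the archive move itself, so the statements in step 4 are there to show what the documented behaviour does, not something to schedule alongside it. On MySQL 5.0 the identifier quoting, the IDENTITY handling and the date functions would differ.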