Product Reviews

New Insights on Event Logging

RippleTech's LogCaster allows Windows administrators to collect, filter and take action on the most critical events.

• By Michael Feuda
• 10/01/2001

Are you a Windows administrator in charge of monitoring numerous servers and the mission-critical applications running on those servers? If so, you probably spend much of your valuable time checking the event logs and overall status of those boxes. LogCaster by Ripple Technologies offers administrators a way to centrally monitor events, services and performance for multiple Windows-based and TCP/IP host machines. In addition to watching the Windows event log, you can also monitor the contents of a text file like an application's log file. LogCaster also provides you the ability to generate reports for both events and performance.

I installed LogCaster without a hitch in just a couple of minutes. LogCaster uses a client/server architecture, including an Event Dispatcher Server (EDS) acting as a central repository for information and agents installed on various clients. To begin using LogCaster, I launched the LogCaster console. The console's look and feel is very similar to Microsoft Outlook. On the left-hand side are the Dashboard and Configuration tabs. The right-hand side is split in half, with the top portion offering a view of such things as machine-specific events or service status, and the bottom portion showing more details on the current selection. LogCaster provides a handful of sample configuration files for monitoring service and performance on common platforms and BackOffice products, including Citrix Metaframe, Compaq Insight Manager, Exchange, IIS, SQL Server and Proxy Server. You can also set up your own custom Event Watcher rules by right-clicking on an event in the Live Events tab, and selecting "Create Event Watcher Rule." Alternatively, you can easily create a user-defined rule, with a variety of criteria and options.

LogCaster's console is your first stop for event views and configuration options. (Click image to view larger version.)

LogCaster offers a number of notification methods for critical events. You can select from traditional dial-up paging, Internet e-mail, Skytel paging, or SNMP traps. You can use LogCaster to Query, Restart, Stop or Start services for Windows servers, including remote servers. You can also opt to reboot a Windows server with as much as a 10-minute delay. The Tools menu also includes the ability to configure event log management for managed Windows servers. I also liked the ability to take corrective action for specific monitored events, including processing a batch file, executable, command file or Perl script.

LogCaster offers plenty of logging and notification alternatives, as well as good documentation and online help. On the downside, I tend to rely on the right-click mouse button to explore advanced or other property options, but this capability isn't widely implemented in LogCaster. Most tasks are accomplished from the menus instead. LogCaster's strength lies in its flexibility and wide array of customization options, as well as its ability to centralize information from multiple computers in a single interface. Overall, for enterprise event logging, I found LogCaster to be powerful and full of handy options that will help any administrator keep track of mission-critical applications and servers.