Um - yes?
The event log part runs on the client, dumping the logs each night - part of an archiving requirement we have. Keeps 30 days of .EVT files on the server. It also exports on the local server to a TXT format. Exporting on the local computer maintains the computer-specific messages.
There's a server component that gathers some basic info, along with the exported event logs from the servers. After gathering the data, another process is triggered to generate the reports and send the emails. It's a snapshot of system health, along with a summary of the past 24 hours of the event logs, with all the crap filtered out. Each line in the event log report lists the event ID, how many times it occurred, and displays one random message (i.e., if event 123 occurred 47 times, the process picks one of the 47 error 123 events at random to include in the email). The point is to give the admin a clue of how many times a certain kind of message has appeared, and let them determine if a closer examination is needed.
When I was at the Fed, we gathered info from about 100 key servers in several sites around the country. A few connected by T3, but some by T1. Data collection ran on a Compaq DL-380 G1 w/ a single 800MHz processor, and performed most of the collections in about 15 minutes at 100% CPU load. It pulled data from a few very old systems at poorly connected sites, which took about 20-30 minutes to complete. Depends on how many entries there are in the event logs, and the speed of the links, remote computers, etc. We currently collect data from about 40 servers in two well-connected sites in about 4-5 minutes at 100% load.
About the 100% load - I wrote the process to multi-thread the collections - as many as 35 at a time running independently. I kick off 25, then wait until only 10 processes remain and kick off 25 more. The idea was to hammer the collection server to get it done as quickly as possible.
There actually is a client-side component that I developed for use in DMZ servers. The client was executed over SSH, and returned all of the data. It could easily be adapted to a full client/server environment. I chose not to because we had restrictions about installing client software.
I can send you a sample report from my home network if you PM me your email.
Glenn
_________________________
Actually I
am a Rocket Scientist!
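
The per-event-ID digest described in the post above (event ID, occurrence count, one randomly chosen message, with noise filtered out), as an added example that is not part of the original post or the poster's tool. The tab-separated export layout, the sample records and the `NOISE_IDS` list are assumptions constructed for illustration.

```python
import random
from collections import defaultdict

# Constructed sample of an exported event log, one record per line:
# event ID <TAB> source <TAB> message. This layout is an assumption.
SAMPLE_EXPORT = """\
123\tDisk\tThe device \\Device\\Harddisk1 has a bad block.
6005\tEventLog\tThe Event log service was started.
123\tDisk\tThe device \\Device\\Harddisk2 has a bad block.
529\tSecurity\tLogon failure for user jsmith from WS-014.
123\tDisk\tThe device \\Device\\Harddisk1 has a bad block.
529\tSecurity\tLogon failure for user admin from WS-220.
not a record
"""

# Hypothetical noise list: event IDs the admin never wants in the digest.
NOISE_IDS = {6005, 6006, 6009}


def summarize(export_text, noise_ids=NOISE_IDS, rng=None):
    """Return [(event_id, count, sample_message)], most frequent first."""
    rng = rng or random.Random()
    by_id = defaultdict(list)
    for line in export_text.splitlines():
        parts = line.split("\t", 2)
        # Skip blank or malformed lines instead of aborting the nightly run.
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        event_id = int(parts[0])
        if event_id in noise_ids:
            continue
        by_id[event_id].append(parts[2])
    # One random representative per event ID, alongside how often it occurred.
    digest = [(eid, len(msgs), rng.choice(msgs)) for eid, msgs in by_id.items()]
    # Highest count first, then event ID, so the report order is stable.
    digest.sort(key=lambda row: (-row[1], row[0]))
    return digest


def format_report(digest):
    """Render one line per event ID: ID, occurrence count, sample message."""
    return "\n".join(f"{eid:>6}  x{count:<5} {msg}" for eid, count, msg in digest)


if __name__ == "__main__":
    print(format_report(summarize(SAMPLE_EXPORT)))
```

Passing a seeded `random.Random` as `rng` makes the sampled message reproducible, which helps when comparing two nightly reports.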