1 2 Previous Next 17 Replies Latest reply on Mar 4, 2008 11:34 AM by DaveE
      • 1. Re: Capture Event Logs to Inventory
        SuperMan SupportEmployee

        By default LANDesk Inventory Server Service logs information into Windows application log. You may get more detail information by configuring in the console, Configure | Services | Inventory, check the "Log statistics" option, it will prompt for restarting the inventory service.

        • 2. Re: Capture Event Logs to Inventory


          Thanks for the quick response,  I'm looking though for a way to get event logs off of the pc's in the field with the LANDesk client (LDISCN32.exe) to report up events from the event logs for reporting from the console.  I'm not looking for event logs from the LANDesk server services.



          I know getting all event logs would be to more then I would need but would like to pull specific event id's.



          Thanks in Advance.



          • 3. Re: Capture Event Logs to Inventory
            SuperMan SupportEmployee

            Wow. misunderstood. So far inventory scanner can pick up custom data from Custom Data Form and registry.

            • 4. Re: Capture Event Logs to Inventory


              I suspect that this is actually a place you dont want to go   Since the event logs are updated all the time, you would be collecting all the event logs from all your devices all the time. Whatever sort of database server you use, that would have a very significant impact on its performance. Why not take a step back, define the problem that you are trying to solve and then look and see if you can not solve it with System Manager or Server Manager. These DO give you a way to view event logs on your managed devices, including also the BIOS log. You could then set alerts to tell you when you needed to look at the event log - depending on what it is that is worrying you. This would be a more bandwidth / database friendly approach I think.



              Having said that, I can see that an add in that would allow you to pick up specific events from a log and add them to inventory would potentially be a useful thing to have..






              • 5. Re: Capture Event Logs to Inventory
                zman Master

                I have personally asked for this as an ER.  It would be great to say place the following event id X, in the past X days, with a max of X entries in the DB.  Unfortunately, without scripting I don't think this is possible. If you want it submit an ER. If you want it quick, script 

                • 6. Re: Capture Event Logs to Inventory

                  ..or it becomes a "throw money at it" problem and you use one of the many third party tools to monitor the event logs and send e-mail.  Use the e-mail to start a LPM process and you can do  anything   Its an interesting idea Or use a free eventlog to syslog tool and then a syslog server to monitor the alerts and fire the mail off. I once built somthing similar using the freeware Snare Agent for Windows, and Kiwi 's syslog Daemon. I seem to remember it worked quite well With LPM it would be a very interesting solution... although Im not quite sure what the problem is that we are trying to solve

                  • 7. Re: Capture Event Logs to Inventory
                    zman Master

                    Usually in most shops after you throw money at LANDesk management won't let you throw money at other solutions - LOL.  Granted we are in a somewhat gray area here. However, I think it is an area that we should look into. You guys are looking at trapping GPO information (IMO this is a waste of time), I think this will be more applicable to a larger base of LANDesk users.  Lets say I have a mission critical app - call it APPx. APPx  when it has issues throws an event in the application log - say event ID 666. I personally am not looking for a "real time" event log monitor, but something I can say - hey machine Y has had issues with APPx 20 times in the past month.  This will give you a decent solution (one that we are familiar with, paid for, and works). If you can hook this into the new Flex2 alerting system, now you have something you can market and sell as a solution.  My feeling is more admins would want this in lieu of what GPOs have been applied to a workstation/user. This would be a more proactive function of LANDesk and something that can directly impact Desktop Management ROI.  So do I go into management with a report on GPOs or this    






                    I cant speak for what howke wants.

                    1 of 1 people found this helpful
                    • 8. Re: Capture Event Logs to Inventory


                      In LDMS 8.8 one of the alerting and monitoring options is actually to monitor log files! The limitation is that the log file must be text, which of course the Windows event logs are not. But it gives us a starting point! I used the freeware Snare agent to translate client log files into syslog events and send them to a syslog server. Then I used Kiwi's free syslog server to simply log these to a text file, which I monitored with an alert monitoring set. Not elegant, but free, and I only spend a short time playing with it. There are certainly other tools that will get you there. Somewhere there is bound to be a tool that translates windows events directly to a text log file.



                      Adding System Manager to LDMS gives you the option to view all the log files on managed devices. So using that in combination with some alert that tells you the device needs looking at might work.



                      • 9. Re: Capture Event Logs to Inventory


                        I found that Managed Planet can capture event logs with Executive Report Pack, and only pull back the specific events we are concerned about as suggested by some of you.  We already own some of the Managed Planet modules unfortunately not this one, so I will demo this out and see how we like it, otherwise we'll move to an in house scripted solution.









                        Thanks for all the responses.



                        • 10. Re: Capture Event Logs to Inventory

                          Oops... just to correct myself.. there is a much simpler solution, the 8.8 Alerting also has an option for monitoring OS Logs.. I just didnt see it. That makes a lot of things possible..

                          • 11. Re: Capture Event Logs to Inventory

                            See, if I just wait long enough, eventually things drop off my development to-do list Seriously, I am working on a custom data extension tool that could theoretically inventory event viewer messages as opposed to alerting on them. Still haven't worked out how the user would specify what they're looking for though, and it'll have to be pretty specific for performance reasons.

                            • 12. Re: Capture Event Logs to Inventory

                              ... or find a way to define a custom action to hook into alerting to add machine data into inventory? Inventory is only going to happen once a day or so, and an event log thing is a kind of alert - so maybe alerting is the way to go unless you have a use case where an inventory query might do somting to a device based on alert logs.

                              • 13. Re: Capture Event Logs to Inventory


                                That would be great.  That would be a much better solution then spending money for a 3rd party add on or scripting something in house and making sure it is compatible with each upgrade.  What version are you looking to add this in?



                                I would suggest the user specify what events to query based on event ID # like 26 and then also search the description field for criteria such as "console.exe" not that console .exe would ever crash !http://community.landesk.com/support/images/emoticons/happy.gif!.



                                In response to Ian's statement I would like to see this go into inventory vs. alerts.  Inventory is great for querying how often / wide spread an event is.  I need to see if I'm getting an event on a few machines vs a few thousand.  We can not rely on users to call the helpdesk everytime an app crashes and we need to know actual # of issues for particular applications.  I don't need an event that would trigger an IS person to run out and look at it but rather trend the issue.  The user will just re-launch the app on their own.






                                • 14. Re: Capture Event Logs to Inventory

                                  I can see the value in getting events into a database. Im just not so sure it should be the inventory database? It opens up a whole new area of systems management if we start to manage events. It would be interesting to know that the same unusual condition occured within a certain time window on a number of different machines. A failed logon attempt on one machine is not interesting. A failed logon event on 10 machines is interesting. Combinations of events are sometimes more interesting than the sum of the individual events. Does anyone have any more examples of what we could use event log information for?

                                  1 2 Previous Next