Lasso

Introducing Centralized Windows Event Log Collection for the Enterprise


Date: Thursday, September 11, 2008
Time: 11:00 AM PDT/ 2:00 PM EDT
Duration: 1 hour
Speakers: Chima Njaka, Director Product Management, LogLogic

Join LogLogic as we introduce the LG 400 gateway appliance. The LG 400 is a gateway collection appliance designed to leverage the capabilities of LogLogic’s Lasso software. Using the LG 400, enterprise customers can centralize their Windows Event log collection and eliminate the need to manage individual agents on monitored Windows devices.


Learn how the LG 400 can help you:

  • Reduce maintenance costs and the impact on storage and processing of monitored servers

Project Lasso 4.0.5 Released

We just released a minor Project Lasso update, version 4.0.5, to SourceForge.

LogLogic Windows Event Collector 4.0.5 contains the following improvement relative to LogLogic Windows Event Collector 4.0.4:

  • Resolved an issue where event message 642 is collected but some fields appear empty on the server, preventing alerting on the event. The fix also resolves empty fields appearing for other event logs. (15893)

How to convert Windows messages to Syslog

As a Windows NT/2000 Infrastructure Engineer in my past life (while working for a major search engine) I found myself scratching my head when I was told that we, LogLogic, did not have Windows support. My reaction was: “Well... wait, what?” I couldn’t fathom why we were not logging the biggest gorilla in the server market. But of course... that was over three years ago, and things have changed quite a bit.

LogLogic has had full Windows parsing support for the last 2+ years, but the question often comes up: “How does LogLogic gather Windows logs?”

This blog entry is a short piece on the options currently available for Windows logging, and on some of the challenges you may face with or without a LogLogic appliance.

High water marks not working on reboot

We recently installed Lasso as a pilot on one of our systems with NewHostSkipHistorical set to 1 in lasso.ini. After a scheduled daily reboot, Lasso dumped the Application logs going back several months. The next night, Lasso grabbed all of the historical Security logs after the daily reboot. My theory is that the log files are at their maximum limit, and the overwriting of the oldest events is setting the high water mark to a point at the front of the file. Even though the events beyond the water mark are older, they come after the marker and are therefore read at reboot.

My understanding of the event log file structure is limited, so I could be completely wrong. But I have two questions.

If I'm right, and the high water mark does wrap to the front of the file, do I get to see all of the old logs after the high water mark wraps each time?
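
The wrap-around behaviour theorised in this post, modelled as an added Python example (this is not Project Lasso code and does not read a real event log file): a fixed-size log that overwrites its oldest records once full, read by a collector that persists a physical position as its high water mark and by one that persists the highest record number it has forwarded. The capacity, the record layout, and the rule that resets the position mark to the front of the file once the writer has wrapped behind it are constructed assumptions that follow the poster's theory; the record-number collector is the defensive alternative, and the simulation also shows what each does when more than a full file of events arrives between two collections.

```python
# Model of the wrap-around theory in the post above: a fixed-size event log that
# overwrites its oldest records, read by two collectors that persist different
# kinds of high water mark.  Added illustration, not Project Lasso code; record
# layout, capacity and the resume rules are constructed for the example.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    record_number: int   # monotonic counter, like a Windows event record number
    message: str


class CircularEventLog:
    """Fixed-size log: once the file is full, new records overwrite the oldest."""

    def __init__(self, capacity: int) -> None:
        self.slots: List[Optional[Event]] = [None] * capacity
        self.head = 0          # physical slot the next record will occupy
        self.next_record = 1

    def write(self, message: str) -> Event:
        ev = Event(self.next_record, message)
        self.next_record += 1
        self.slots[self.head] = ev
        self.head = (self.head + 1) % len(self.slots)   # wrap to the front when full
        return ev

    def survivors(self) -> List[Event]:
        """Records still in the file, sorted by record number (true time order)."""
        return sorted((e for e in self.slots if e is not None),
                      key=lambda e: e.record_number)


class PositionCollector:
    """High water mark = physical slot (assumed behaviour from the post's theory).
    When the writer has wrapped behind the mark, the mark is reset to the front
    of the file and the whole file is re-read in physical order: records that
    sit after the mark are older than it, so already-collected history replays."""

    def __init__(self) -> None:
        self.mark = 0

    def collect(self, log: CircularEventLog) -> List[Event]:
        if log.head <= self.mark and log.next_record > 1:   # writer wrapped past us
            self.mark = 0
            window = range(0, len(log.slots))               # front to end of file
        else:
            window = range(self.mark, log.head)             # normal forward read
        out = [log.slots[i] for i in window if log.slots[i] is not None]
        self.mark = log.head
        return out


class RecordNumberCollector:
    """High water mark = highest record number forwarded.  Physical position is
    irrelevant, so a wrapped file never causes a replay; records overwritten
    before they were read show up as a counted gap instead of vanishing."""

    def __init__(self) -> None:
        self.last_seen = 0

    def collect(self, log: CircularEventLog) -> Tuple[List[Event], int]:
        survivors = log.survivors()
        lost = 0
        if survivors and self.last_seen and survivors[0].record_number > self.last_seen + 1:
            lost = survivors[0].record_number - self.last_seen - 1
        new = [e for e in survivors if e.record_number > self.last_seen]
        if new:
            self.last_seen = new[-1].record_number
        return new, lost


def simulate(capacity: int = 10) -> Dict[str, object]:
    """Three collection cycles against a constructed 10-record log."""
    log = CircularEventLog(capacity)
    by_pos, by_rec = PositionCollector(), RecordNumberCollector()
    results: Dict[str, object] = {}

    for i in range(8):                         # records 1..8: file not yet full
        log.write(f"event {i + 1}")
    results["initial_pos"] = [e.record_number for e in by_pos.collect(log)]
    results["initial_rec"] = [e.record_number for e in by_rec.collect(log)[0]]

    for i in range(8, 13):                     # records 9..13: writer wraps to slot 0
        log.write(f"event {i + 1}")
    rec, lost = by_rec.collect(log)
    results["after_wrap_pos"] = [e.record_number for e in by_pos.collect(log)]
    results["after_wrap_rec"] = [e.record_number for e in rec]
    results["after_wrap_lost"] = lost

    for i in range(13, 25):                    # records 14..25: more than a full file
        log.write(f"event {i + 1}")
    rec, lost = by_rec.collect(log)
    results["overrun_pos"] = [e.record_number for e in by_pos.collect(log)]
    results["overrun_rec"] = [e.record_number for e in rec]
    results["overrun_lost"] = lost
    return results


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

In the second cycle the position collector forwards records 4 through 8 a second time alongside the five genuinely new ones, which is the replay of old history the post describes; in the third cycle it silently forwards only two of the ten new records. The record-number collector forwards each record once in both cycles and reports the two records that were overwritten before anyone read them, which is the property a downstream alerting pipeline needs so that replayed events do not re-fire alerts and lost events do not pass unnoticed.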

Project Lasso 4.0.4 Released

We just released Project Lasso 4.0.4 to SourceForge.

LogLogic Windows Event Collector 4.0.4 contains the following improvements relative to LogLogic Windows Event Collector 4.0.3:

  • Resolved several issues where a memory leak occurred during Project Lasso message file collection. (15768)
  • Resolved several issues where potential memory leaks could occur during Project Lasso event log collection when certain error conditions occurred. (15860)