Windows eventlog monitoring with EventMeister
By Michael Pietroforte
Recently I was looking for a tool that tells me when a certain event was logged in the Windows eventlog on our servers. Those programs are usually called eventlog monitoring tools. So I searched at download.com, tried a couple of solutions and finally chose EventMeister.
It is easy to use and has all the functions I need. It costs $99 USD, but I think it is worth the money. I didn’t find a free tool that is comparable to it.
You can access all the eventlogs of your servers (and also workstations if you need to) with one tool. But be prepared that it might take a while to synchronize the data with the database on your local machine. Therefore, an important function of any eventlog monitoring tool is that it allows you to limit the number of items downloaded. Otherwise you might end up waiting for ages even with a fast network connection to your servers.
Another primary feature is the filter. The eventlogs of a server usually contain hundreds of entries and it is often not easy to find what you are looking for. So you configure your tool to show only items which fulfil certain criteria like the event ID, the date and so on. You can also do this with the Windows Event Viewer, but the filter of EventMeister is somewhat more user-friendly. A list of the event sources is missing though. But EventMeister enables you to combine different filter methods into one filter, which helps with more difficult search scenarios.
The reason I was looking for an event monitoring tool in the first place was that I wanted to be notified when certain events happen on our servers, for example when someone logs in with an administrator account on a certain server, or to monitor unstable applications.
This feature is what I like most about EventMeister compared to other tools I tested. You can add several servers to one notification definition and combine different filters with various additional criteria. One that is really important is the number of matches within a defined time frame. If you don’t configure this, you will get too many notifications at once. For instance, if someone is logging on to a server, several events with the same event ID will be logged within seconds. EventMeister will inform you only once even though multiple events fulfil your filter criteria. You can choose between popup windows or email notification. You can also start a specifiable application or let EventMeister create a log file where those events will be noted.
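The suppression behaviour described above, as an added example (not EventMeister's code or configuration format): a rule that combines a filter with a match count and time frame and notifies once per burst. The event records are constructed, the server and account names are hypothetical, and event ID 4624 (successful logon on Windows Vista/Server 2008 and later) is an assumption, since the post names no ID.

```python
from collections import deque
from datetime import datetime, timedelta

class NotificationRule:
    """Filter plus rate limit: alert when >= min_matches matching events
    fall inside `window`, then stay quiet for the rest of that window."""

    def __init__(self, servers, event_id, account, min_matches, window):
        self.servers, self.event_id, self.account = set(servers), event_id, account.lower()
        self.min_matches, self.window = min_matches, window
        self._hits = {}        # server -> timestamps of recent matches
        self._last_alert = {}  # server -> time of the last notification

    def matches(self, ev):
        return (ev["server"] in self.servers and ev["id"] == self.event_id
                and ev["account"].lower() == self.account)

    def feed(self, ev):
        """Return a notification string, or None if filtered or suppressed."""
        if not self.matches(ev):
            return None
        now, hits = ev["time"], self._hits.setdefault(ev["server"], deque())
        hits.append(now)
        while now - hits[0] > self.window:   # drop matches older than the window
            hits.popleft()
        last = self._last_alert.get(ev["server"])
        if len(hits) < self.min_matches or (last is not None and now - last <= self.window):
            return None
        self._last_alert[ev["server"]] = now
        return f"{now:%H:%M:%S} {ev['server']}: {len(hits)} x event {ev['id']} for {ev['account']}"

def run(rule, events):
    return [msg for msg in map(rule.feed, events) if msg]

def at(hms):
    return datetime.strptime("2024-01-01 " + hms, "%Y-%m-%d %H:%M:%S")

# Constructed sample records (not real log data); names are hypothetical.
EVENTS = [
    {"time": at("09:00:00"), "server": "SRV01", "id": 4624, "account": "Administrator"},
    {"time": at("09:00:01"), "server": "SRV01", "id": 4624, "account": "Administrator"},
    {"time": at("09:00:02"), "server": "SRV01", "id": 4624, "account": "Administrator"},
    {"time": at("09:00:05"), "server": "SRV01", "id": 4624, "account": "jsmith"},
    {"time": at("09:00:07"), "server": "WKS17", "id": 4624, "account": "Administrator"},
    {"time": at("09:10:00"), "server": "SRV01", "id": 4624, "account": "Administrator"},
]

def make_rule(min_matches):
    return NotificationRule(["SRV01"], 4624, "Administrator", min_matches, timedelta(seconds=60))

if __name__ == "__main__":
    for msg in run(make_rule(1), EVENTS):
        print(msg)
```

With a match count of 1 the three-event logon burst produces a single notification and the later logon a second one; raising the count to 3 fires only on the burst.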
I did not discuss all the features of this useful tool. For more information, check out the Web site of EventMeister. You can get a 30-day trial version with full functionality there. By the way, “meister” is a German word and means master. I think this product sure lives up to its name.







