Event Scavenger
Event Scavenger monitors the event logs of multiple servers. It was created out of a need to watch the event logs of many servers at once and have a single view of what was happening across all of them at a given moment. It saves the logs into a database, which makes reporting on and manipulating the data easier.
Event Scavenger is the name of the whole system, which consists of four parts: a SQL Server database, a Windows service (the collector), an admin tool and a viewer application.
1. Database - The database has a fairly simple structure with only a couple of tables to hold all the necessary data.
2. Windows service - Also called the collector. This is a relatively simple Windows service that gathers the contents of event logs and inserts them into the database. It is self-maintaining: it also performs maintenance (archiving etc.) of the data and recycles its threads. It can also import logs stored in other Event Scavenger databases into its own database. The system allows multiple collectors to populate a single database, but each collector must run on a separate machine.
3. Admin tool - A simple WinForms application to manage the database and settings.
4. Viewer - A WinForms application that is the main front end of the system. It has powerful filtering and searching capabilities and lets you analyze data using a special grouping control that gives an aggregated view. It can also export data for further analysis in an application such as Excel, for example to create graphs.
1. Viewer application
The viewer gives you a view of all selected 'machine-logs' at a specified time. It provides several ways to filter and/or highlight data. You can also set up predefined views that specify a set of filters for reuse. There is also a configurable 'top x' filter that limits the number of records returned from the database.
2. Filters
The application allows you to filter data by event type, machine-log, event source, event ID, from and to date/time, and text inside the event log message. Additionally you can set a filter based on the currently selected entries (such as 'only show similar' or 'exclude entries like these'). You can also save the current set of filters as a new view for reuse.
3. Highlighting
Entries can also be highlighted based on machine-log, event source and/or event ID. This makes it easier to spot similar entries.
4. Grouping
As of version 3.3.0 the viewer supports grouping the results shown. This is useful for finding related entries more quickly. Collapsing and expanding the groups is supported as well, but only on Windows Vista and Windows 7 (and later), because the ListView control in earlier versions of Windows does not support this. Grouping can be done on the following fields:
* Machine name
* Log name
* Type
* Source
* Event ID
* Month
* Day
* Hour
* Summary
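The filters, the 'top x' limit and the grouping fields described above all end up as database queries. The following is an added example (not Event Scavenger's own code) of how a viewer can build those queries safely: every user-supplied filter value, including the free-text message search, is passed as a bound parameter, LIKE wildcards typed by the user are escaped, and the group-by field is looked up in a whitelist rather than spliced into the SQL. SQLite stands in for SQL Server, and the EventEntries table, its columns and the sample rows are constructed for the example rather than taken from the project.

```python
# Added example (not Event Scavenger's own code): the kind of filter and
# grouping queries a viewer runs. SQLite stands in for SQL Server and the
# EventEntries layout is an assumption. Every user-supplied filter value is
# passed as a bound parameter; only whitelisted expressions reach the SQL text.
import sqlite3

# Constructed sample rows: machine, log, logged_at, type, source, event_id, message
SAMPLE_ROWS = [
    ("SRV01", "Security", "2024-03-01T08:00:00", "Audit Failure", "Security-Auditing", 4625, "Logon failed. Account Name: bob"),
    ("SRV01", "Security", "2024-03-01T08:00:30", "Audit Failure", "Security-Auditing", 4625, "Logon failed. Account Name: alice"),
    ("SRV01", "Security", "2024-03-01T08:05:00", "Audit Success", "Security-Auditing", 4624, "Logon succeeded. Account Name: bob"),
    ("SRV01", "System", "2024-03-01T09:10:00", "Error", "Service Control Manager", 7034, "The Print Spooler service terminated unexpectedly."),
    ("SRV02", "Security", "2024-03-01T09:15:00", "Audit Failure", "Security-Auditing", 4625, "Logon failed. Account Name: bob"),
    ("SRV02", "Application", "2024-03-01T09:20:00", "Warning", "MSSQLSERVER", 17806, "SSPI handshake failed at 100% CPU"),
]

GROUP_EXPRESSIONS = {   # viewer grouping fields -> SQL expressions (whitelist)
    "machine": "machine", "log": "log", "type": "type", "source": "source", "event_id": "event_id",
    "month": "substr(logged_at, 1, 7)",    # YYYY-MM
    "day": "substr(logged_at, 1, 10)",     # YYYY-MM-DD
    "hour": "substr(logged_at, 1, 13)",    # YYYY-MM-DDTHH
}


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EventEntries (machine TEXT, log TEXT, logged_at TEXT, "
                 "type TEXT, source TEXT, event_id INTEGER, message TEXT)")
    conn.executemany("INSERT INTO EventEntries VALUES (?, ?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def escape_like(text):
    """Escape LIKE wildcards so that a user typing '%' or '_' matches those
    characters literally instead of turning the search into 'match anything'."""
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def build_filter(types=None, machine_logs=None, sources=None, event_ids=None,
                 date_from=None, date_to=None, message_text=None):
    """Translate the viewer's filters into (WHERE clause, parameter list).
    List filters become IN (...) with one placeholder per value; machine_logs is
    a list of (machine, log) pairs; message_text is a contains-search."""
    clauses, params = [], []

    def in_list(column, values):
        clauses.append(f"{column} IN ({', '.join('?' * len(values))})")
        params.extend(values)

    if types:
        in_list("type", types)
    if sources:
        in_list("source", sources)
    if event_ids:
        in_list("event_id", event_ids)
    if machine_logs:
        clauses.append("(" + " OR ".join("(machine = ? AND log = ?)" for _ in machine_logs) + ")")
        for machine, log in machine_logs:
            params.extend([machine, log])
    if date_from:
        clauses.append("logged_at >= ?")
        params.append(date_from)
    if date_to:
        clauses.append("logged_at <= ?")
        params.append(date_to)
    if message_text:
        clauses.append("message LIKE ? ESCAPE '\\'")
        params.append("%" + escape_like(message_text) + "%")
    where = (" WHERE " + " AND ".join(clauses)) if clauses else ""
    return where, params


def query_entries(conn, top=100, **filters):
    """Newest-first listing with the 'top x' limit applied by the database."""
    where, params = build_filter(**filters)
    sql = ("SELECT machine, log, logged_at, type, source, event_id, message FROM EventEntries"
           + where + " ORDER BY logged_at DESC LIMIT ?")
    return conn.execute(sql, params + [top]).fetchall()


def group_counts(conn, group_by, **filters):
    """Aggregated view: number of matching entries per group. A column name cannot
    be a bound parameter, so group_by is looked up in GROUP_EXPRESSIONS and anything
    else raises KeyError instead of being spliced into the query."""
    expr = GROUP_EXPRESSIONS[group_by]
    where, params = build_filter(**filters)
    sql = f"SELECT {expr} AS grp, COUNT(*) FROM EventEntries{where} GROUP BY grp ORDER BY grp"
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = setup_db()
    for row in query_entries(db, top=10, event_ids=[4625], message_text="bob"):
        print(row)
    print(group_counts(db, "hour", event_ids=[4625]))
```

The message-text filter is the one a user types freely, so it is the place where an unescaped '%' would silently widen a search and where string concatenation would open the query to injection; binding the pattern and using an explicit ESCAPE character closes both. Grouping by month, day and hour works here because the timestamps are stored in a sortable ISO format; on SQL Server the same idea is expressed with DATEPART or a computed column.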
5. Exports
The application allows exporting selected or all currently displayed data to CSV format. This can then be analyzed further in Excel to create graphs or summary data for reports.
6. Analyze data
A customized list control allows viewing data in a summarized view. It supports dragging and dropping columns and group-by fields.
7. Auto refresh
The application can be set up to refresh automatically if needed. This is useful if you are waiting for certain events to happen.
8. Collector (Windows service)
The service is responsible for gathering the event log data. Each event log is gathered on its own thread, so a problem gathering one event log does not affect the others. Gathering is optimized to collect only the entries that are new since the log was last read (and successfully saved). The service also creates separate threads for maintenance, archiving and importing foreign logs (if configured to do so).
9. Collectors and machine-logs
The system allows multiple collectors (service instances) to gather data into a single database. Each 'machine-log' is 'assigned' to a collector that is responsible for gathering its content. This is useful when one collector cannot access a certain event log, for example because of permissions or network location. A 'machine-log' entry can also be disabled, which stops any data collection from that event log. The polling frequency for each machine-log can also be configured separately.
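The two sections above describe the collector's core loop: poll only the machine-logs assigned to this collector and enabled, read only entries newer than the last one that was successfully saved, and keep a failure on one log from affecting the others. The following is an added example (not Event Scavenger's own code) that simulates that loop so the behaviour can be checked: a per-machine-log watermark is advanced only after the database transaction commits, so a failed save leaves the watermark where it was and the same entries are re-read on the next poll, while the primary key on (machine, log, record_no) guarantees a re-read can never duplicate rows. SQLite stands in for SQL Server, the MachineLogs and EventEntries tables and their columns are assumptions, and the event log contents are constructed and held in a dict in place of the Windows event log API.

```python
# Added example (not Event Scavenger's own code): how a collector can gather
# only entries newer than the last successfully saved record, per machine-log.
# SQLite stands in for SQL Server and the table/column names are assumptions.
import sqlite3

SCHEMA = """
CREATE TABLE MachineLogs (
    machine     TEXT    NOT NULL,
    log         TEXT    NOT NULL,
    collector   TEXT    NOT NULL,            -- instance responsible for this machine-log
    enabled     INTEGER NOT NULL DEFAULT 1,  -- 0 stops collection from this log
    last_record INTEGER NOT NULL DEFAULT 0,  -- watermark: newest record already saved
    PRIMARY KEY (machine, log)
);
CREATE TABLE EventEntries (
    machine TEXT, log TEXT, record_no INTEGER, logged_at TEXT,
    type TEXT, source TEXT, event_id INTEGER, message TEXT,
    PRIMARY KEY (machine, log, record_no)    -- a re-read can never duplicate a row
);
"""

# Constructed stand-in for the Windows event logs: (machine, log) -> entries of
# (record_no, logged_at, type, source, event_id, message), ascending by record_no.
FAKE_EVENT_LOGS = {
    ("SRV01", "Security"): [
        (101, "2024-03-01T08:00:00", "Audit Failure", "Security-Auditing", 4625, "An account failed to log on."),
        (102, "2024-03-01T08:00:05", "Audit Success", "Security-Auditing", 4624, "An account was successfully logged on."),
    ],
    ("SRV01", "System"): [
        (7, "2024-03-01T08:01:00", "Error", "Service Control Manager", 7034, "The Print Spooler service terminated unexpectedly."),
    ],
    ("SRV02", "Application"): [
        (55, "2024-03-01T08:02:00", "Warning", "MSSQLSERVER", 17806, "SSPI handshake failed."),
    ],
}


def read_log(machine, log, after_record):
    """Return only the entries newer than the watermark, as the real collector
    would ask the event log API to do."""
    return [e for e in FAKE_EVENT_LOGS.get((machine, log), []) if e[0] > after_record]


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO MachineLogs (machine, log, collector, enabled) VALUES (?, ?, ?, ?)",
        [("SRV01", "Security", "COLLECTOR-A", 1),
         ("SRV01", "System", "COLLECTOR-A", 0),        # disabled: never polled
         ("SRV02", "Application", "COLLECTOR-B", 1)])  # assigned to another collector
    conn.commit()
    return conn


def poll(conn, collector, fail_on=None):
    """One polling pass of one collector instance over the enabled machine-logs
    assigned to it. Returns {(machine, log): rows saved, or None on failure}.
    Each machine-log is saved in its own transaction, so a failure on one log
    leaves the others untouched, and the watermark advances only after commit.
    `fail_on` injects a database failure for the given (machine, log)."""
    saved = {}
    assigned = conn.execute(
        "SELECT machine, log, last_record FROM MachineLogs WHERE collector = ? AND enabled = 1",
        (collector,)).fetchall()
    for machine, log, last_record in assigned:
        new_entries = read_log(machine, log, last_record)
        try:
            if (machine, log) == fail_on:
                raise sqlite3.OperationalError("simulated database outage")
            conn.executemany("INSERT INTO EventEntries VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                             [(machine, log) + e for e in new_entries])
            if new_entries:
                conn.execute("UPDATE MachineLogs SET last_record = ? WHERE machine = ? AND log = ?",
                             (max(e[0] for e in new_entries), machine, log))
            conn.commit()
            saved[(machine, log)] = len(new_entries)
        except sqlite3.Error:
            conn.rollback()                  # watermark unchanged: re-read next time
            saved[(machine, log)] = None
    return saved


if __name__ == "__main__":
    db = setup_db()
    print(poll(db, "COLLECTOR-A"))   # first pass saves the two Security entries
    print(poll(db, "COLLECTOR-A"))   # nothing new: 0 rows, no duplicate reads
```

The order of operations is the whole point: insert the entries and move the watermark in the same transaction, commit, and only then treat those records as read. Advancing the watermark before the save succeeds (or persisting it outside the transaction) is how a collector silently loses events during a database outage, and a collector that keeps the watermark in memory only loses its place on every restart.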
10. Stability
Stability is a strong point with a proven track record. Instances of the collector service have been running for up to 4 years, sometimes for months continuously, and the only reason they had to be restarted was that something else on the server required a restart. It is in use in a production environment by real users.
The following steps describe a general 'new' installation. To do an upgrade, look at the 'Database\Change Scripts' directory.
A Database
1. Create the database using the SQL script provided (EventScavenger_Database). You may have to edit the database create script if you want to specify a different database location.
2. Create tables: EventScavenger_Tables
3. Create stored procs and functions: EventScavenger_StoredProcs
4. Create Views: EventScavenger_Views
5. Add default settings to database: EventScavenger_SettingDefaults
B Service
1. Install the service: run InstallUtil.exe EventScavenger.exe (remember to run it from an elevated, administrator command prompt on Windows 7/2008+). A sample is provided, but it is better to run the command from the command line yourself.
2. When prompted for the user account to run the service under, specify an account that has read access to all the event logs that need to be collected. Prefer a dedicated, least-privilege account (for example, a member of the built-in Event Log Readers group on each monitored machine) over a domain administrator account.
3. Edit the EventScavenger.exe.config file: set the SQL server, the database (if different from the default) and the Collector name. The Collector name must match the one in the database exactly.
4. Only start the service once the database has been configured and the admin tool has been used to set up the collector(s) and some event logs to poll. If you set up additional collectors, remember to disable the maintenance tasks in the config file for the other instances, so that only one collector performs maintenance.
C Admin tool
1. Install the admin tool
2. Run the admin tool and specify the SQL server (and instance if needed).
3. Add Collector(s) and event logs as needed.
4. Set up maintenance as needed.
D Viewer
1. Install the viewer (only after the collector service and admin tool have been set up).
2. Run it and specify the login details.
Requirements:
* .NET Framework
* SQL Server
License: Event Scavenger is free software; it can be downloaded and used free of charge.