Monitoring windows logs | Unix Linux Forums | UNIX for Dummies Questions & Answers

    #1  
07-20-2013
SkySmart
Monitoring windows logs

is it possible to monitor log files that are on a windows server, from a linux/unix host?

i'm thinking that the directory that the files are located in on windows can be mounted on the linux host, and then a script or tool can just monitor the log as though it were local?

anything wrong with this thinking? please suggest to me other methods i can try.
    #2  
07-21-2013
bakunin (Forum Staff)
Quote:
Originally Posted by SkySmart
is it possible to monitor log files that are on a windows server, from a linux/unix host?

i'm thinking that the directory that the files are located in on windows can be mounted on the linux host, and then a script or tool can just monitor the log as though it were local?
That will work perfectly. Windows and Unix use different protocol stacks, so you need some software. In the TCP/IP-world there is NFS, which is used to mount remote (parts of) filesystems locally. The respective protocol in NetBIOS (the protocol stack Windows uses) is called SMB.

Either use an NFS server daemon for Windows to export the part with the log files and then NFS-mount it on the Unix system or install an SMB client on the Unix system to mount the (SMB-)shared Windows drive. Example products for the former would be FreeNFS, an example for the latter would be SAMBA. I am sure there are other similar products for both options too.

I hope this helps.

bakunin
    #3  
07-21-2013
SkySmart
Quote:
Originally Posted by bakunin
That will work perfectly. Windows and Unix use different protocol stacks, so you need some software. In the TCP/IP-world there is NFS, which is used to mount remote (parts of) filesystems locally. The respective protocol in NetBIOS (the protocol stack Windows uses) is called SMB.

Either use an NFS server daemon for Windows to export the part with the log files and then NFS-mount it on the Unix system or install an SMB client on the Unix system to mount the (SMB-)shared Windows drive. Example products for the former would be FreeNFS, an example for the latter would be SAMBA. I am sure there are other similar products for both options too.

I hope this helps.

bakunin
thank you so much. the one problem i foresee with this is, isn't it a bad idea to be reading files off NFS? considering it can cause network issues? I/O?

i remember a while ago reading a data file off NFS. i wondered why it was taking so long to read the file. but when i moved the data file over from the nfs drive to the local server, the file was read very quickly.

if i'm going to mount the windows log files on NFS or anything similar to it, what can i do to make sure i can read the log files just as fast as i would be able to do locally? are there other problems you experts can anticipate?

i presume reading files off NFS wouldn't/shouldn't be an issue on the right hardware. but then the question becomes, what is the right hardware?
    #4  
07-21-2013
bakunin (Forum Staff)
Quote:
Originally Posted by SkySmart
thank you so much. the one problem i foresee with this is, isn't it a bad idea to be reading files off NFS? considering it can cause network issues? I/O?

i remember a while ago reading a data file off NFS. i wondered why it was taking so long to read the file. but when i moved the data file over from the nfs drive to the local server, the file was read very quickly.
Generally said, this is the problem with any complex thing: the more parts it consists of, the more opportunities there are for something to go wrong. Sledge hammers tend to have fewer operational errors than computers, so to say. ;-))

Of course, when you set up NFS (or any other file sharing system with a similar functionality) you have to make sure the network between the two systems works reliably. Furthermore, you have to make sure the DNS system is responding reliably and quickly, because name resolution is used heavily inside the NFS parts and the longer a single name resolution takes the (perceptibly) slower the observable speed of the file transfer is.

Of course, neither do i know your network nor your systems, so i cannot tell you what went wrong in your case. But my general experience is that misconfiguration and/or sloppy setup is the culprit much more often than failing hardware. To expand on what i said above: suddenly failing NFS mounts can often be traced back to network cards set to the wrong speed (like "100/Full Duplex" instead of "100/Half Duplex" or vice versa), unreliable DNS services, etc., etc. You can't evade such problems with more hardware set up equally sloppy, only with a better work ethic.

Many problems stem from a tendency to confuse a problem without apparent symptoms with a problem solved: if a problem in some operation takes place and suddenly this problem is gone, you haven't solved it, you have just stopped seeing the symptom. The problem is solved only once you understand fully why you do not experience any symptoms any more - not any sooner.

But i am digressing. Generally NFS is a quite reliable method. You should not use it for the distribution of high-security data, because it is prone to network sniffing and it won't support ACLs without some very complicated extra configuration. If you have such data i suggest using sftp, scp, NFS over a secured VPN or something such. Just to distribute logs it is good enough and the provisioning system on the Unix flavour i work with most - AIX's NIM - is even based on it. IBM wouldn't have done that if it can't be brought to work reliably.

I hope this helps.

bakunin
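
Added example (not part of the thread and not written by either poster): one way to follow a log file on a mounted Windows share while reading only the bytes appended since the last check, so the whole file is not pulled across the network each time. The class name LogFollower, the 5-second poll interval and the idea that the share is already mounted read-only are assumptions, as is a text log in a byte-oriented encoding such as ASCII or UTF-8.

```python
import os


class LogFollower:
    """Return only the lines appended to a log file since the previous poll."""

    def __init__(self, path, encoding="utf-8"):
        self.path = path          # e.g. a file under a read-only SMB/NFS mount
        self.encoding = encoding  # assumption: byte-oriented text (ASCII/UTF-8)
        self.offset = 0           # bytes already consumed
        self.partial = b""        # trailing bytes of a line not yet terminated

    def poll(self):
        try:
            size = os.stat(self.path).st_size
            if size < self.offset:
                # File shrank: truncated or replaced by rotation, start over.
                self.offset, self.partial = 0, b""
            if size == self.offset:
                return []
            with open(self.path, "rb") as fh:
                fh.seek(self.offset)
                data = fh.read(size - self.offset)  # fetch only the new bytes
        except OSError:
            # Share unreachable or file missing mid-rotation: retry next poll.
            return []
        self.offset += len(data)
        chunks = (self.partial + data).split(b"\n")
        self.partial = chunks.pop()  # keep an unfinished last line buffered
        # Windows text logs typically end lines with CRLF; drop the leftover CR.
        return [c.rstrip(b"\r").decode(self.encoding, "replace") for c in chunks]


if __name__ == "__main__":
    import sys
    import time

    if len(sys.argv) != 2:
        sys.exit("usage: follow.py <log file on the mounted share>")
    follower = LogFollower(sys.argv[1])
    while True:
        for line in follower.poll():
            print(line, flush=True)
        time.sleep(5)  # poll interval is an arbitrary choice
```

A rotated file that has already grown past the previous offset is not detected by the size check alone.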