While all this information should make it easy to proactively manage storage and network systems, the problem in most cases is very much one of too much information. Even a medium-sized network can have hundreds of separate logs, and within each of these logs is more information than can easily be digested and operated on. This is where Event Log Management (ELM) tools help out. Examples of ELMs include Adiscon GmbH's Event Reporter; Somix Technologies, Inc.'s Logalot; TNT Software's ELM Log Manager; GFI Software's LANGuard; and RGE, Inc.'s IPSentry.
ELMs aggregate all the information contained in the Event Logs and Syslogs into a single database and present that information in a single interface. While this is easier than having to individually log onto each piece of equipment to view the logs, the real value in ELMs lies in their ability to winnow down the information to a manageable level.
ELMs store all log entries, but since the vast majority of entries are routine items that never need to be seen, the non-essential entries can be configured to not show up on the management console. When something does require intervention, though, administrators can set the appropriate alerting and escalation policies.
New Pig, for example, uses Logalot for ELM. "If you have a problem with a switch and are getting a lot of Cyclic Redundancy Check (CRC) errors, it won't send a hundred e-mails," says Luciano, "but they all get tallied on the bulletin board so I can go there to view them."
Having all alerts available in a single console makes it easier to quickly track down the source of a problem. For instance, knowing that you have simultaneous alerts from the Intrusion Detection System and from the database server indicating excessive CPU utilization provides a quicker answer to what is happening than if you had to track down each individually.
"Before, it was a matter of not really knowing what was going on or why things were happening," Luciano says. "Now, when the IS manager wants to find out what is going on with the network, she can go to the bulletin board and see all the active situations that are going on."
With storage growing at 50 to 100 percent annually in many organizations, ELM tools certainly won't solve all problems. They do, however, simplify the often overwhelming business of dealing with multitudes of alerts, alarms, and events. ELMs allow the administrator to set alerting parameters for storage resources (such as disk space, fragmentation levels, and disk performance criteria) and gather those alerts into one central repository. At the end of the day, that means the most vital alerts come to your immediate attention while the abundance of duplicative or less important events remain hidden until you need to drill down further to learn more about specific situations.
This article originally appeared on Enterprise IT Planet.