Many system monitors rely on event logs as an information source. You can also benefit from this data and there are many free and paid system management tools that will run off your event log store. SIEM tools, for example, require event log storage in order to function.
All you need to start exploiting event log information is an event log server that can store event log messages in a meaningful file and directory structure.
Here is our list of the nine best remote event log management software:
- SolarWinds Security Event Manager EDITOR’S CHOICE Log-based SIEM tool that has strong log file management features. The event log management services in this tool make it a good option for those requiring record storage for data standards compliance. Download a 30-day free trial.
- ManageEngine EventLog Analyzer (FREE TRIAL) An on-premises log management system that provides audit trails for data protection standards compliance. Runs on Windows Server and Linux. Start a 30-day free trial.
- ManageEngine Log360 (FREE TRIAL) A SIEM package that includes a log collection and management service with automated and manual data analysis tools. Runs on Windows Server. Start a 30-day free trial.
- Papertrail (FREE TRIAL) A cloud-based system that includes analysis features and file archiving.
- Loggly (FREE TRIAL) A log analyzer that can be used to consolidate event log messages from several sites.
- Paessler PRTG Log Monitor (FREE TRIAL) An all-in-one network, server, and applications monitor that can collect event log messages from any site.
- Datadog Log Collection & Management A SaaS log manager that can receive and file event log messages and works well in combination with the Datadog Ingest for archiving.
- Logstash A free data gathering tool that forms part of the Elastic Stack (ELK).
- Sematext Logs A hosted implementation of ELK with a highly customized interpretation of Kibana. It can be subscribed to just for log management.
Event log management
Log files are also important for data security compliance standards. You need to capture and store all log messages, including event logs, in order to prove compliance. Not only do you need to store those messages, but you need to be able to make them available for searches by a compliance auditor at a moment’s notice.
Event log management involves more than just capturing and filing event log messages. You also need to be able to retain those messages for long periods – the exact retention period depends on the data security standard that you are implementing.
A standard commercial Windows-based system generates a lot of event messages each day. Storing these messages results in a large volume of data. So, you also need to be able to archive older files, while making it possible to bring them back to current storage on demand. The event log manager you choose should include searching and viewing features and also be able to rotate logs so that each file is of a manageable size.
The event log manager should have a meaningful strategy for log file storage structures and file naming conventions, so that the event logs from a particular part of the system on a specific day are easy to locate.
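As an added example (not code from this page or from any of the products it reviews), the following Python script implements the behaviour the four paragraphs above ask of an event log manager: it files each message by source and day, rotates a day's file into numbered segments once a size limit is reached, gzips days older than a cutoff into an archive tree with a SHA-256 manifest, brings an archived day back into current storage on demand after checking that hash, and searches current storage by source, date range and message pattern. The directory layout (store/source/YYYY/MM/YYYY-MM-DD.NNN.log), the size-based rotation rule, the archive format and the sample events built in demo() are all my own assumptions.

```python
"""Small event log store: files each message by source and day, rotates segments at a
size limit, gzips old days into an archive with a SHA-256 manifest, and restores or
searches them on demand. Added example; the layout and names are assumptions."""
import gzip
import hashlib
import json
import re
import tempfile
from datetime import date, datetime, timedelta, timezone
from pathlib import Path


class EventLogStore:
    def __init__(self, base_dir, archive_dir, max_bytes=1_000_000):
        self.base = Path(base_dir)        # current (searchable) storage
        self.archive = Path(archive_dir)  # long-term retention
        self.max_bytes = max_bytes        # rotate a segment once it reaches this size

    @staticmethod
    def _day_dir(root, source, day):
        # <root>/<source>/<YYYY>/<MM>/ : one subtree per host or application
        return root / source / f"{day.year:04d}" / f"{day.month:02d}"

    def _current_segment(self, source, day):
        d = self._day_dir(self.base, source, day)
        d.mkdir(parents=True, exist_ok=True)
        seq = 0
        while True:
            f = d / f"{day.isoformat()}.{seq:03d}.log"
            if not f.exists() or f.stat().st_size < self.max_bytes:
                return f
            seq += 1  # segment is full: rotate to the next sequence number

    def write(self, source, event_id, level, message, when=None):
        """Append one record as a JSON line to the day's current segment."""
        when = when or datetime.now(timezone.utc)
        record = {"ts": when.isoformat(), "source": source, "event_id": event_id,
                  "level": level, "message": message}
        path = self._current_segment(source, when.date())
        with path.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(record) + "\n")
        return path

    def archive_before(self, cutoff):
        """gzip every segment from days before cutoff into the archive tree and record
        its SHA-256 so a restored file can be checked for tampering."""
        moved = []
        for f in list(self.base.rglob("*.log")):
            if date.fromisoformat(f.name.split(".")[0]) >= cutoff:
                continue
            dest = (self.archive / f.relative_to(self.base)).with_suffix(".log.gz")
            dest.parent.mkdir(parents=True, exist_ok=True)
            data = f.read_bytes()
            with gzip.open(dest, "wb") as gz:
                gz.write(data)
            dest.with_suffix(".sha256").write_text(hashlib.sha256(data).hexdigest())
            f.unlink()
            moved.append(dest)
        return moved

    def restore(self, source, day):
        """Bring one archived day back into current storage, verifying each hash."""
        restored = []
        month_dir = self._day_dir(self.archive, source, day)
        for gz_path in sorted(month_dir.glob(f"{day.isoformat()}.*.log.gz")):
            with gzip.open(gz_path, "rb") as gz:
                data = gz.read()
            expected = gz_path.with_suffix(".sha256").read_text().strip()
            if hashlib.sha256(data).hexdigest() != expected:
                raise ValueError(f"integrity check failed for {gz_path}")
            target = self._day_dir(self.base, source, day) / gz_path.name[:-3]
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
            restored.append(target)
        return restored

    def search(self, source, start, end, pattern):
        """Records in current storage for source between start and end (inclusive)
        whose message matches the regex: the kind of query an auditor asks for."""
        rx = re.compile(pattern)
        hits = []
        for f in sorted(self.base.glob(f"{source}/*/*/*.log")):
            if not start <= date.fromisoformat(f.name.split(".")[0]) <= end:
                continue
            with f.open(encoding="utf-8") as fh:
                for line in fh:
                    rec = json.loads(line)
                    if rx.search(rec["message"]):
                        hits.append(rec)
        return hits


def demo():
    """Constructed sample: three days of events from two sources, filed with a 300-byte
    segment limit so rotation is visible; returns counts that illustrate each step."""
    root = Path(tempfile.mkdtemp())
    store = EventLogStore(root / "current", root / "archive", max_bytes=300)
    first = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    for day_off in range(3):
        for i in range(6):  # alternate successful and failed logons, one per hour
            failed = i % 2 == 1
            store.write("dc01", 4625 if failed else 4624, "Audit",
                        f"Logon {'failure' if failed else 'success'} for user{i}",
                        first + timedelta(days=day_off, hours=i))
        store.write("web01", 1000, "Error", "Application fault in w3wp.exe",
                    first + timedelta(days=day_off))
    day1 = store._day_dir(store.base, "dc01", date(2024, 3, 1))
    segments_day1 = len(list(day1.glob("2024-03-01.*.log")))
    archived = store.archive_before(date(2024, 3, 3))   # 1 and 2 March go to archive
    left = len(list(store.base.rglob("*.log")))
    restored = store.restore("dc01", date(2024, 3, 1))  # auditor asks for 1 March
    hits = store.search("dc01", date(2024, 3, 1), date(2024, 3, 3), r"failure")
    return {"segments_day1": segments_day1, "archived": len(archived), "left": left,
            "restored": len(restored), "failures_found": len(hits)}


if __name__ == "__main__":
    print(demo())
```

The search in demo() finds failed logons for 1 March (restored) and 3 March (still current) but not 2 March, which is still in the archive: that gap is exactly why an auditor-facing tool needs the restore step, and why the SHA-256 manifest is written at archive time rather than when the file is read back.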
The Best Remote Event Log Management Software
Our methodology for selecting event log management software
We reviewed the market for remote event log management systems and analyzed tools based on the following criteria:
- Opportunity to consolidate event logs from multiple sites
- Connection security for internet-based data transfers
- Logfile management
- Log viewer
- Analysis features
- A free trial or a demo service for a no-cost assessment period
- Good value for money, represented by an efficient, time-saving log management tool that is reasonably priced
With these selection criteria in mind, we have identified competent event log collectors that can centralize the management of log files.
1. SolarWinds Security Event Manager (FREE TRIAL)
SolarWinds offers a number of tools that manage event logs, including a free Event Log Collector. Of these, the Security Event Manager is the best option. As with all free versions, the free collector has limitations: the main reason why any business would need to step up from the Event Log Collector to the Security Event Manager is that the log collector lacks an archiving feature.
Key Features:
- Collects Windows Events and Syslog messages
- Interfaces to applications
- Log consolidator
- SIEM system
- Manual log analysis facility
One of the main reasons any business has to store event log records is in order to comply with data security standards. This requires those event log messages to be stored for a very long time – the mandatory retention period differs from standard to standard.
The Security Event Manager isn’t just limited to collecting log messages from Windows environments. It is also able to collect Syslog messages and firewall log data. The log message server gathers messages through a series of “connectors.” Each connector specializes in a specific log messaging standard, so if you only want to gather Event messages, you would just activate that connector.
All collected messages are filed in an accessible folder structure with parallel validity checks performed on each message as it arrives. Log files are protected from tampering through file integrity monitoring.
As well as log file management and archiving, the Security Event Manager includes a log record viewer. This includes sorting and searching features, which are necessary utilities that your business will have to provide to compliance auditors. This feature and pre-written reports support compliance with HIPAA, PCI DSS, SOX, ISO, NCUA, FISMA, FERPA, GDPR, GLBA, NERC CIP, GPG13, and DISA STIG.
The SolarWinds Security Event Manager installs on Windows Server. Although it is on-premises software it is not limited to operating on the local network. It is able to receive event messages from remote sites. You can access the Security Event Manager on a 30-day free trial.
Pros:
- Enterprise focused SIEM with a wide range of integrations
- Simple log filtering, no need to learn a custom query language
- Dozens of templates allow administrators to start using SEM with little setup or customization
- Historical analysis tool helps find anomalous behavior and outliers on the network
Cons:
- SEM is an advanced SIEM product built for professionals; it requires time to fully learn the platform
EDITOR’S CHOICE
SolarWinds Security Event Manager is our top pick for remote event log management because it includes archiving, a log file viewer, and pre-written reports that all help prove data security standards compliance. Message validation and log file integrity monitoring add extra security features to this log management system that will delight any compliance auditor.
Start 30-day Free Trial: solarwinds.com/security-event-manager
OS: Windows 10 and later, Windows Server 2012 and later, Cloud-based: Hypervisor, AWS and MS Azure
2. ManageEngine EventLog Analyzer (FREE TRIAL)
ManageEngine EventLog Analyzer is a log management system that provides data collectors, a log server, a consolidator, and a filing system. The package is able to merge records written in different formats, which include Windows Events and Syslog. Arriving messages are displayed in the console of EventLog Analyzer and log records can also be read back into the data viewer of the dashboard from files.
- Log server and consolidator
- Statistical analysis
- Log data analyzer
The data viewer in the package includes analytical features, such as search, group, and sort. This supports the manual analysis of data. The package also includes automated analysis in the form of statistical data, such as message arrival rates per type and source. The package includes templates that provide prewritten threat detection rules.
The identification of a problem or a threat triggers alerts. These can be forwarded as emails, SMS messages, or posts to PagerDuty or Slack. This enables the support team to get on with other tasks, leaving EventLog Analyzer to monitor standard activity.
There are also templates in the package that produce compliance reports from the collected log data.
ManageEngine EventLog Analyzer installs on Windows Server and Linux. It isn’t limited to collecting logs from its host, so if you run the package on Windows Server, you can also collect logs from Linux systems across the network. You can get a 30-day free trial of the EventLog Analyzer.
Pros:
- Compliance reporting
- Audit trail
- Log management
- Live log message display
- Historical analysis feature
Cons:
- No cloud version
3. ManageEngine Log360 (FREE TRIAL)
ManageEngine Log360 is a security information and event management (SIEM) package that focuses on detecting intrusion on a network and its endpoints. The tool performs this task by gathering and consolidating log messages from around the network. So, as well as a security tool, this package provides a log management system.
- Log collection and consolidation
- Statistical analysis
- Threat detection
The Log360 system is very similar to ManageEngine’s EventLog Analyzer (above) except that it also takes live network activity data as an input. The log collector can interact with applications to extract activity data as well as picking up the standard Windows Events and Syslog messages that circulate around your network.
The package includes prewritten searches that automatically sift through arriving data. It is also possible to create your own threat detection rules. Searches are enhanced by a threat intelligence feed, which enables the threat detection system to focus on indicators of current hacker attack campaigns.
Remediation automation is implemented by forwarding notifications through service desk tools, such as ManageEngine ServiceDesk Plus, Jira, and Kayako. This lets your ticket management system’s routing rules deliver threat notifications to the relevant specialist technician.
ManageEngine Log360 will run on Windows Server. However, it can also collect logs from Linux computers across the network. You can examine the Log360 system with a 30-day free trial.
Pros:
- Threat intelligence feed
- Identifies changes to critical files
- Integrates with service desk systems
- Gathers performance data from applications
- Pre-written threat detection rules
Cons:
- Not available for Linux
4. Papertrail (FREE TRIAL)
Papertrail is a SaaS log manager, so, as a cloud-based system, it can gather event log messages from all of your sites. The service is a log aggregator, which means that it standardizes and centralizes all log messages wherever they came from and in whatever format. It is able to store Syslog messages as well as event log messages and can put them both into a common format.
- Cloud-based
- Consolidates Windows Events and Syslog messages
- Log archiving
Once log messages have been standardized and filed, they can easily be searched and sorted through the Papertrail search facility.
Papertrail operates both a live store and an archive facility. Archives can be brought back for searching at any time, which is great for pleasing compliance auditors. The length of time that log files are current or retained in archives depends on the plan you choose.
Papertrail is available in six plans with data processing capacities ranging from 1 GB to 25 GB per month. Log files are held live for one or two weeks and archives are held for one year. It is also possible to ask for a customized service that adjusts these features.
There is a free trial version of Papertrail, which makes data searchable for 48 hours and retains archives for seven days. This has a throughput of 16 GB for the first month, then 50 MB per month thereafter. Learn more about what you get with the free trial.
Pros:
- The cloud-hosted service helps scale log collection without investing in new infrastructure
- Encrypts data both in transit and at rest
- Backup and archiving are done automatically as part of the service
- Uses both signature-based and anomaly detection for the most thorough monitoring possible
- Includes a free version
Cons:
- Time must be invested to fully explore all features and options
5. Loggly (FREE TRIAL)
Loggly is a cloud-based service that is able to gather log records from any site, including event log messages. The service is charged for by subscription and there is even a free service.
- Cloud-based
- Multiple site monitoring
- Free version
The Loggly system consolidates log file messages so they are converted into a common format before being written to a file. The user is able to view all log messages as they arrive and then those records are available for sorting, searching, and viewing in the Loggly dashboard. The retention period for analysis depends on the plan.
The free version of Loggly is called Lite. It will process 20 MB of data per day and retains records for seven days. The Standard version handles up to 1 GB of data per day and has a 15-day retention period. The Pro version is adjustable and will process between 1 GB and 100 GB per day. The retention period can be set between 15 and 30 days. The Enterprise plan is a customized service, so processing and retention limits are set by negotiation.
Both the Standard and Pro plans are available for a 14-day free trial.
Pros:
- Lives in the cloud, allowing syslog servers to scale regardless of onsite infrastructure
- Setup is easy, with no lengthy onboarding process
- Can pull logs from cloud platforms such as AWS, Docker, etc.
- Data is immediately available for review and analysis
- Offers a completely free version with limited retention
Cons:
- Would like to see a longer 30-day trial
6. Paessler PRTG Log Monitoring (FREE TRIAL)
Paessler PRTG is a collection of monitoring utilities. Each of them is called a “sensor.” One of the sensors in the package is called the Windows Event Log Sensor. This tool collects event log messages and files them. The service can store messages and access them for up to 365 days.
- Collects from cloud platforms and multiple sites
- Log arrival statistics
- Free plan available
It is possible to watch event log messages as they arrive. Records can be loaded into a viewer in the PRTG dashboard for searching and sorting. This facility is ideal for those who need to provide access to records to a compliance auditor. The system doesn’t include an archive mechanism.
The dashboard for the Windows Event Log Sensor includes a dial that displays the arrival rate of event log records. It is possible to set a threshold of throughput that acts as a warning level, triggering an alert.
Paessler PRTG is able to include cloud servers and remote sites in its monitoring system. This makes it ideal for centralizing all event log records for a multi-site business. Paessler PRTG is charged according to the number of sensors that are activated. The system is free for up to 100 sensors. You can get a 30-day free trial of PRTG with no limit on active sensors.
Pros:
- Allows users to customize sensors to meet their specific needs
- Free version allows monitoring with up to 100 sensors, great for smaller businesses
- Offers both on-premise and cloud versions
- A great choice for companies looking to also monitor other aspects of their business such as networks, applications, or infrastructure
Cons:
- Can take time to learn the platform; PRTG is rich with features and designed for enterprise use
7. Datadog Log Collection & Management
Datadog is a cloud-based system monitoring service that is marketed in a series of modules. The service includes two products that are excellent choices for remote event log management. These are Ingest, which collects the log messages and files them, and Retain or Rehydrate, which manages the archives. The Ingest system includes a “live tail” feature, which displays all log messages in the console as they arrive.
- Log collection and archiving modules
- Multi-site reach
- Gathers Syslog and Windows Events
- Application log collection
As a cloud-based system, the Datadog Ingest service can collect log messages from anywhere, not just the site of your IT department. It can consolidate records from all sites into a common file or separate messages for each location – it all depends on the way you set the data collection system up. The service isn’t limited to collecting event log messages because it can also collect Syslog messages and proprietary log messages from a long list of vendor equipment and software.
The Ingest system doesn’t store records – you connect it to your own data store, which can be on-premises or in the cloud. The Retain or Rehydrate service does include storage with a retention period of up to 60 days. This length of time isn’t long enough for data security standards requirements, so you will still need to arrange a backup storage server for archives.
The Log Rehydration service manages access to archive logs, which is necessary for compliance audits. Both Ingest and Retain or Rehydrate are available for 14-day free trials.
Pros:
- Supports live log collection as well as long-term archival options for SIEM solutions
- Can monitor both internally and externally, giving network admins a holistic view of network performance and accessibility
- Allows businesses to scale their monitoring efforts reliably through flexible pricing options
Cons:
- Would like to see a longer trial period for testing
8. Logstash
Logstash is part of the Elastic Stack, which is also known as ELK. The L in ELK stands for Logstash, the E stands for Elasticsearch, and the K stands for Kibana. These three tools can be used together or individually. While Logstash is a log file server, Elasticsearch provides record searching utilities and Kibana is a data viewer and frontend for the whole stack.
- Free to use
- Paid cloud version
- Consolidates logs of different formats
The purpose of Logstash is to be a data receiver. You have to set WMI to forward all event log records to your Logstash implementation. So, it is possible to forward event log messages from several sites to one central Logstash receiver. This connection is facilitated by an EventLog plugin for Logstash.
All three tools in ELK are free and open source. Kibana is particularly widely used because it can interface with many different data analysis engines. It is probable that you would use Kibana and Elasticsearch to provide access to your stored event log files.
Logstash has capabilities to manage many different types of data so you could end up using it for other record collections and not just event logs.
Logstash is able to split existing files and you can set it up to rotate log files by date or message source. It will even manage a meaningful directory structure to make files easier to manage.
Pros:
- Great user interface, highly visual with an easy-to-navigate toolbar
- Part of the Elastic Stack, leverages a large open-source community
- Supports gathering information from cloud sources like AWS
- Uses Elasticsearch for filtering, one of the most flexible search tools available
Cons:
- Must install plugins for every data type you collect
- No paid support option; bugs and issues are resolved by the community
9. Sematext Logs
Sematext offers a hosted version of ELK. You get Logstash, Elasticsearch, and Kibana in this package, and it’s a great combo for collecting and managing event log messages from anywhere. It might seem a bit strange that people would pay Sematext for access to ELK, which is otherwise free. However, not all organizations have the skills onsite to install and manage technical software. So, Sematext is a bundle of server, software, and expertise that a non-technical organization would gladly pay for.
- Hosted ELK (Logstash)
- Cloud-based
- Consolidates different log formats
Sematext has customized Kibana beyond recognition to create its own dashboard for customers to access data. Arriving event log messages are shown on the screen and pre-written Elasticsearch queries are shown as buttons and controls in the Sematext dashboard. This service is primarily geared towards security monitoring but the system collects and stores log messages as its primary activity.
Sematext Logs is a subscription service, available in three plan levels: Basic, Standard, and Pro. The Basic service is free forever, but it is limited to processing 500 MB of data per day. Its retention period is seven days. The Standard and Pro services have adjustable data throughput and retention periods. The Standard service offers retention for 7 and 15 days and daily throughput volumes of 1, 5, or 10 GB. The Pro plan can go up to 150 GB of data per day and a retention period of up to a year. Both the Standard and Pro plans are available for a 14-day free trial.
Pros:
- Uses Elasticsearch for flexible query options
- Supports data outside of just event logs, such as SNMP reports
- Supports threshold-based alerts, ideal for maintaining SLAs
- Has a freeware version for testing
Cons:
- No on-premise version
- Relies on Kibana for data visualization
Choosing Remote Event Log Software
Most of the software that manages event logs has extra capabilities. In fact, it is difficult to find a tool that just manages event logs. The main market for event log data lies in SIEM systems. They will manage event log messages solely to provide the security inference engine with source data.
In many software packages, log file management is not an end product. You may have to pay for those clever security operations that you might not want or need if you are just looking for a way to manage event log files.
The “remote” part of your requirements should not be difficult to fulfill. Most event log servers operate over a network and any tool that can communicate over a network can connect to other sites across the internet.