I've used many GFI products over the last 10 years, and in that time, I've found most of them to be user-friendly and a good value, though they tend to be aimed at small and midsize Microsoft Windows shops. GFI EventsManager follows that tradition while also supporting Linux and Unix clients.
EventsManager comes as a single installable executable. (You can download a time-limited trial version of GFI EventsManager for free.) As with all GFI products, the install is almost as simple as Next, Next, and Enter. GFI will install Microsoft SQL Server 2005 Express if it doesn't detect an existing SQL Server instance, although you might need to apply the latest SQL Server service pack afterward.
During the install, you'll need to provide domain admin credentials, which EventsManager uses to access remote Windows computers. You can provide separate credentials for each client (the hosts from which you're collecting events) at a later time. I'll give GFI kudos for this small touch, which allows great security protection. You'll also need to install EventsManager on a Windows Vista, Windows 7, or Windows Server 2008 computer if you want to collect events from Microsoft's newest operating systems. Lastly, for the best reporting you'll need to download and install GFI's free Report Pack.
GFI EventsManager: Event log support and processing rules
EventsManager can collect and process various event log types, including Windows event logs, Internet Information Services (IIS) W3C logs, SQL Server, syslog, and SNMP trap messages. For Windows event log collection, the Remote Registry service must be enabled on the clients. For IIS W3C log collection, an accessible NetBIOS share must be assigned to the log folder. Syslog and SNMP hosts should forward their events to the computer hosting the EventsManager service. GFI has done an excellent job of coding EventsManager to work with various popular SNMP MIB databases beyond the simple generic trap messages.