Improved Windows Event Collection in LogMeister/EventMeister 5.1

New versions of LogMeister and EventMeister have just been released which bring very useful improvements for those collecting and filtering events from the various Windows event logs. Perhaps the single most important change is that if you’re using real-time monitoring with Windows Event Collection (WEC), you will no longer miss out on events if there’s an extended period of monitoring downtime due to maintenance of the remote server or network failure for example. Previously, there was a short grace period where event collection would play catch-up, but now that grace period can stretch over hours and days if needed.

Our expectation is that most clients will want this new functionality, so it defaults to “on” even with existing feeds, but it can be disabled by turning off the “Use bookmarks” option on the Eventlog property page for event log feeds:

Another improvement in the new release – also affecting realtime collection using WEC – is the ability to populate the feed store with pre-existing events. Previously the only way to get these old events into a newly-created feed store was to do a single round of “polling” collection, then switch to real-time collection. Now however you’ll be given the option to collect old data automatically on creation of a real-time feed, and if you miss that option you can always just “reset” the feed to receive another opportunity:

One final benefit of the new release – for those creating fresh event log feeds – is an improved search mechanism that finds networked computers more quickly and more fully, especially if you’re using active directory.

You can get the latest versions of both apps from our download page here:

To update, please just grab the latest appropriate package and do an “over-the-top” install (note to avoid a restart, it’s best to quit LogMeister/EventMeister and stop the associated service first).