Get-EventLog via Protocol or via a Database?

What are the pros and cons of a protocol-backed vs. a database-backed event monitor?

Domain: PowerShell, IIS, Event Log Monitor / notification system.

1. I don't want to receive event notifications via email. I am concerned with event delivery only, not event capture.
2. There are many ways of capturing events on poshcode / the MSFT Script Repo.

Protocol-based event monitor: use OData/Atom (or anything else) to poll the event logs of a System X and display them anywhere else.

Database-based event monitor: uses this flow: Event (ETW) -> DB -> UI (event-to-UI in milliseconds, max 1 second).


Protocol-based, pros:

1) You can only query what you want.

Protocol-based, cons:

1) Slow / sluggish?
2) You need to convert events to a feed, then write a WCF service (or publish an application in IIS) to get started. [Maybe there is a better way, but I have tested only the IIS way till now.]
3) Susceptible to the fallacies of distributed computing.

Database-based, pros:

1) If you choose your tools well, you can achieve a near-millisecond round trip from ETW to DB to UI. IIS doesn't figure in this.

Database-based, cons:

1) You are forcing stuff into columns and splitting it up, thereby losing objects. But you are capturing the whole event message (whatever is in the XML), so does it matter if you lose objects?
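As an added example (not code from the original post), here is the polling side of the protocol-based design: a PowerShell script that reads only the records newer than a saved bookmark (the highest RecordId already delivered), and builds each event both as flat columns (what a DB schema forces) and as the complete event XML (what keeps the object intact). The log name, the bookmark file path and the delivery hook are my assumptions.

```powershell
# Added example: incremental event-log poll with a RecordId bookmark.
# Assumed parameters: log name, bookmark file path and poll interval are illustrative.
param(
    [string]$ComputerName    = $env:COMPUTERNAME,
    [string]$LogName         = 'System',
    [string]$StatePath       = "$env:TEMP\eventmon-$LogName.state",
    [int]   $IntervalSeconds = 5
)

# Load the bookmark (highest RecordId already delivered); 0 on the first run.
$lastRecordId = [int64]0
if (Test-Path $StatePath) { $lastRecordId = [int64](Get-Content $StatePath) }

while ($true) {
    # XPath filter: only records newer than the bookmark; -Oldest returns them in ascending order.
    $xpath  = "*[System[EventRecordID > $lastRecordId]]"
    $events = @(Get-WinEvent -ComputerName $ComputerName -LogName $LogName -FilterXPath $xpath -Oldest `
                             -ErrorAction SilentlyContinue -ErrorVariable pollErr)

    foreach ($err in $pollErr) {
        # "No events found" is normal between polls; anything else (RPC failure, access denied) is worth surfacing.
        if ($err.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$ComputerName/$LogName : $err"
        }
    }

    foreach ($e in $events) {
        # Flat columns for a table/feed, plus the full XML so nothing in the event is lost.
        $row = [pscustomobject]@{
            Computer    = $e.MachineName
            RecordId    = $e.RecordId
            TimeCreated = $e.TimeCreated.ToUniversalTime().ToString('o')
            Provider    = $e.ProviderName
            EventId     = $e.Id
            Level       = $e.LevelDisplayName
            Message     = $e.Message
            Xml         = $e.ToXml()
        }

        # Delivery hook (assumed): replace with a DB insert or an HTTP POST to your feed endpoint.
        $row | Select-Object RecordId, TimeCreated, Provider, EventId, Level |
            Format-Table -AutoSize | Out-String | Write-Host

        # Advance the bookmark only after the event has been handed off.
        $lastRecordId = [math]::Max($lastRecordId, $e.RecordId)
    }

    # Persist the bookmark so a restart resumes where it left off instead of re-delivering.
    Set-Content -Path $StatePath -Value $lastRecordId
    Start-Sleep -Seconds $IntervalSeconds
}
```

Run it as a .ps1 against a host you are allowed to read; the bookmark file is what prevents duplicates across restarts, so make sure the account writing it is the same one that reads it.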

Anything else?

