Event Rover for Windows NT / 2000 / XP / 2003 SEM and Log Forensics

Event Rover:

Effortless Event Log Sorting and Viewing

Event Rover™ changes the way network administrators view event logs - whether viewed routinely or in emergency investigatory scenarios.

The most noticeable feature Event Rover delivers is the effortless sorting and filtering of event log data into multiple, user-configurable tree views. Indeed, this functionality represents a shift in the event log paradigm - since event log files often grow rapidly to large sizes, the traditional method of reviewing log files in a linear, chronological list is virtually obsolete.

Every administrator needs an efficient tool for reviewing event log files without the endless scrolling and filtering required by the built-in event viewer. Accuracy is improved and auditor error is minimized with Event Rover - how many critical log entries can be missed when relying on line-by-line scanning and hastily prepared filter cheat sheets? Event Rover takes the guesswork out of spot checking log files for security events too - all common security event identifiers have friendly descriptions paired with them throughout the application.

Basic ad-hoc reporting and data exporting are available in Event Rover right out of the box, with no additional configuration needed. HTML reports can rapidly be generated from any branch of the currently viewed tree - what you see on screen is reproduced faithfully in the report. Related groups of events can be exported to comma-delimited text for further review/import into spreadsheets, databases, or Dorian Software's Event Analyst program. Admins and forensic examiners can add comments to any reports they create, in order to further explain what the data represents.

Event Rover provides the additional assurance that routine review or spot audits will not affect the integrity of log file stores - all review is done with a backup copy of the log file copied to the local computer. No clearing of the active, in-use log file occurs with Event Rover. If a backup of an event log yields important findings, administrators can easily add it to Event Rover's library of saved logs for further review or forensic submission.

Used independently, or as a companion to Dorian's Total Event Log Management Suite components - Event Alarm, Event Archiver, and Event Analyst - Event Rover provides a most efficient way of accomplishing what should be a simple, routine administrative task: the mining of event log data for items of interest.


Just Some of Event Rover's Powerful Features

  • Reviews data from active event log (.EVT) files
  • Reviews data from previously saved event log (.EVT) files
  • Reviews data from Event Archiver zip-compressed event log (.EVT) files
  • Sorts event log data effortlessly into user-customizable trees of field groupings
  • Dynamically regroups event log data on the fly into different trees of field groupings
  • Summary information (log size, number of events, number of events of a specific type, user accounts found) is presented to the administrator upon log opening
  • Easily opens zipped event log (.EVT) files - whether zipped by Event Archiver or most mainstream zip utilities
  • Exports related data to comma-delimited text
  • Exports grouped log data to an HTML report, with the ability to add comments explaining the data contained within the report
  • Filters log data at load using an absolute or relative date range
  • Filters log data by other event log fields
  • Saves frequently used filters to a local database
  • Creates friendly descriptions for common event identifier numbers
  • NTFS compression of Event Rover's local event logs database to maximize storage
  • Locally caches saved event log information to speed future review and allow for offsite review of saved event logs
  • Quick access for researching event identifiers at eventlogs.com - Dorian Software's event logs resource site - as well as other valuable online resources