What is it exactly that makes DAD useful? Don't we already have log aggregation tools?
That’s a good question. It is true that there are a large number of log aggregation tools available today. One of the things that truly distinguishes DAD, especially in a Windows context, is that it is agentless. Many administrators are gun-shy of agents, probably for good reason. We use the native Windows interface to extract the logs remotely in near real time. In addition to aggregating your logs, DAD provides convenient search facilities for the data collected. Using DAD, you can also define correlation alerts and simple alerts that take virtually any action you would like, whether to respond to the event or to inform administrators about it.
So DAD is really a Windows log management tool then?
DAD includes a syslog engine, allowing collection from any syslog source. Also included with DAD is a regular-expression-based log carving interface that makes it possible to carve up syslog (or any other arbitrary log format) into appropriate pieces to store in the database. This