How to Design a System to Collect all Workstation Logs?

1. Overview

A company named ABEX Solutions is moving onto digital innovations and wants a system implemented to collect work log of its employees, being the IT Head here’s my preposition of the said system to company’s officials.

The project needs a system that monitors all workstation logs in Computer Science department and analyzes it. The system can detect the important event logs such as critical, warning and error related to application and system clients. The administrator is only one user able to view the event logs that forwarded by clients.

The scope is pretty basic i.e. as the problem is no system in Computer Science department that has a function to monitor and collect the significant logs such as critical, warning and error from computers in the ABEX Solutions. So, the administrator system cannot check and see these logs from Windows Server immediately. So it’ll be designed keeping the general traffic in the lab at first would be limited to one lab but would contain capability to be extended later.

There is no system to monitor and collect all workstation logs in the ABEX Solutions, so it’s a must to have one which would save them lot of money as the forwarded events to the central server collector would tell input of all employees. So, the Windows Server 2008 must use as central event collector for all event collected from source computers in the lab and both collector and sources computers need to configuration. Source computers in order for communication with event collector, it is necessary to open firewall ports to accept connection. Also, the event collector service and Windows Remote Management it needs to be running. Moreover, the subscription service it needs to define on the event collector because the Windows Event Forwarding store the define subscription on the event collector. Furthermore, Group Policy could use to configuring source computers in order to forwarded event logs to collector.

All of logs must be protected for all phases. In the future, it is possible that the software design will have to incorporate changes that could take place in other workplace in the same domain. The logs of all entities involved in that domain should have the same standard of data format and security of data when transferring between the departments or branches also needed.  Changes or additions about payment methods can affect the PMS directly but logs would be maintained all the same.

 

System to Collect All Workstation Logs, will inherit the GUI properties of the OS on which it’s running. So user will find a familiar interface while using the System. There will be simple pages to add view or delete data according to user requirements. In any way user will find the GUI very simple and very easy to use.

Application General Functions

Application would serve following functionalities:

  • Server Machine: (Collector Machine)
  • Configure Windows Event Collector Service.
  • Windows Remote Management (WinRM)
  • Windows Firewall Modification.
  • Windows Event Collector Service set as automatic (delayed start) and started.
  • MMC, Configure Event Subscriptions.

 

  • Create an Event Subscription
  • Subscription type and source computer
  • Select Event to collect and create the query filter.
  • Advance: Minimize Latency

 

  • Source Machine: (Forwarding Machine)
  • Install Windows Remote Management (WinRM)
  • Configure the Windows Remote Management (WinRM)
  • Windows Firewall Modification.
  • Add a computer account of the collector computer under Event Log Readers

 

  • Forwarded Events:

By this service the administrator user could view the logs of sources computer in this system. The Administrator user can view all forwarding event logs from all sources computer.

 

2. Data Flow DiagraM (DFD)

3. ER Diagram:

 

SHARE

LEAVE A REPLY

Please enter your comment!
Please enter your name here