How to Design a System to Collect All Workstation Logs?

1. Overview

1.1 Document Purpose

The project needs a system that monitors all workstation logs in the Computer Science department and analyzes them. The system can detect important event logs, such as critical, warning and error events, related to applications and the system on client machines. The administrator is the only user able to view the event logs forwarded by the clients.

1.2 Product Scope

The scope is basic. The problem is that no system in the Computer Science department monitors and collects significant logs, such as critical, warning and error events, from the computers in the S114D lab, so the system administrator cannot immediately check and view these logs from Windows Server. The system will be designed around the general traffic in the lab: at first it will be limited to one lab, but it will be capable of being extended later.

1.3 Intended Audience and Document Overview

This Design Specification Document is intended to be read by the Client, the Project Management & Testing Team and Professors, to be evaluated and then implemented. The rest of the document further describes the Overall Description, Specific Requirements and Other Non-functional Requirements. The suggested reading sequence follows the order in which the contents are listed. The document contains functional as well as theoretical points, so a reader with average knowledge of software can easily understand it. The requirements statements in this document are both functional and non-functional.

1.4 Definitions, Acronyms and Abbreviations

Administrator user: Account used to log on to Windows Server 2008 and Windows 7 by users to create service accounts, install Microsoft Operations Manager components, and have access to the Administrator console. Administrators are members of the Administrators group and have full control over the domain or computer.

Administrator Console: Interface based on Microsoft Management Console (MMC) technology, used for monitoring and event management. Can include the Microsoft Operations Manager Information Center, Operations, Management Packs, and Administration snap-ins.

Alert: An indication of a significant event. Alerts are defined by rules.

Collector: A server machine in this project.

Configuration Management: The process of identifying and defining the configuration items in a system, recording and reporting the status of configuration items and requests for change, and verifying the completeness and correctness of configuration items.

Configure: Manage a product, feature, or system by setting its details or current structure.

Computer group: Collection of computers with some attribute in common. Computer groups are defined by computer grouping rules for similar event management.

Computer group filter: In the Operator Console, a drop-down list of filters that limit the number of computers shown.

Computer group view: Window that displays specified computer groups in the management group.

Event: Any significant occurrence in the system or an application that requires a user to be notified or an entry to be added to a log. Microsoft Operations Manager monitors events logged in Windows 7 event logs and other application logs.

Event forwarding: The transmission of information to a centralized computer concerning events that take place on remote computers or servers.

Event collection: Allows administrators to get events from remote computers and store them in a local event log on the collector computer.

Event view: Window that displays specified events in the management group.

Forwarding computer: A client machine, a source machine.

Management Group: Group of computers containing the following Microsoft Operations Manager 2005 components: one database, one or more Data Access Servers, one or more MOM Servers, and one or more agents.

Monitor view: Contains those activities for tracking usage or identifying, reporting on, and solving problems at the earliest possible stage.





2. Objectives and Goals

2.1 Major Processes / Functions:

There is no system to monitor and collect all workstation logs in the S114D lab and then forward the events to a central collector server. Windows Server 2008 must therefore be used as the central event collector for all events collected from the source computers in the lab, and both the collector and the source computers need to be configured. For the source computers to communicate with the event collector, it is necessary to open firewall ports to accept connections. The event collector service and Windows Remote Management also need to be running. Moreover, the subscription needs to be defined on the event collector, because Windows Event Forwarding stores the defined subscriptions on the event collector. Furthermore, Group Policy can be used to configure the source computers to forward event logs to the collector.

4. Design Choices

4.1 Operating Environment

The “System to Collect All Workstation Logs” requires any system with a Windows OS and Remote Management installed, and Windows Server 2008 or above. For better performance, at least 4 GB of RAM is required in a machine running this software. A local network must be present to maintain the super database. It will be desktop-based software with a user-friendly interface, and it will need Windows Server Features for deployment. Through this system, they will be able to run all the lab activities much faster, more effectively and more efficiently.

4.2 Design and Implementation Constraints

All logs must be protected in all phases. In the future, the software design may have to incorporate changes that take place in other workplaces in the same domain. The logs of all entities involved in that domain should follow the same data format standard, and data security is also needed when logs are transferred between departments or branches. Changes or additions to payment methods can affect the PMS directly, but logs would be maintained all the same.






5. Application Interface Metaphor

5.1 Hardware Interfaces

The “System to Collect All Workstation Logs” project will interact with hardware via .NET 4.0. All management of hardware resources will be done by .NET; the proposed system itself will do nothing as far as hardware is concerned. The user just needs to have .NET installed and properly integrated on their system. No special equipment is needed for the proposed system to run on any system.

A Windows Server machine and a system running Windows 7 are vital for achieving the project.

5.2 Software Interfaces

The System to Collect All Workstation Logs will inherit the GUI properties of the OS on which it is running, so the user will find a familiar interface while using the system. There will be simple pages to add, view or delete data according to user requirements. In any case, the user will find the GUI very simple and very easy to use.

5.3 Communications Interfaces

The System to Collect All Workstation Logs will use the local area network. It does not need to follow any Internet-related protocols. It will do some simple communication with other systems. All information will be decrypted using an asymmetric key system, so there is no possible way of hacking the communication stream between the System to Collect All Workstation Logs server and clients.

6. Application General Functions

The application would serve the following functionalities:

  • Server Machine: (Collector Machine)
      • Configure Windows Event Collector Service.
      • Windows Remote Management (WinRM)
      • Windows Firewall Modification.
      • Windows Event Collector Service set as automatic (delayed start) and started.
      • MMC, Configure Event Subscriptions.

  • Create an Event Subscription
      • Subscription type and source computer
      • Select Event to collect and create the query filter.
      • Advanced: Minimize Latency

  • Source Machine: (Forwarding Machine)
      • Install Windows Remote Management (WinRM)
      • Configure the Windows Remote Management (WinRM)
      • Windows Firewall Modification.
      • Add a computer account of the collector computer under Event Log Readers

  • Forwarded Events:

Through this service, the administrator user can view the logs of the source computers in this system. The administrator user can view all forwarded event logs from all source computers.
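
The collector and source configuration steps listed above, written as one PowerShell script (an added example, not part of the original design document). It assumes a collector-initiated subscription in an Active Directory domain; the account, host and subscription names are placeholders.

```powershell
param(
    [Parameter(Mandatory=$true)][ValidateSet('Collector','Source')][string]$Role,
    [string]$CollectorAccount = 'EXAMPLE\COLLECTOR01$',    # assumed computer account
    [string[]]$SourceComputers = @('ws01.example.local'),  # assumed lab workstations
    [string]$SubscriptionId = 'Lab-Critical-Error-Warning' # assumed subscription name
)

# Both roles: start WinRM, create its listener and add the firewall exception.
winrm quickconfig -q

if ($Role -eq 'Source') {
    # Let the collector's computer account read this machine's event logs.
    net localgroup "Event Log Readers" $CollectorAccount /add
    return
}

# Collector: enable ForwardedEvents, set Wecsvc to automatic (delayed start), start it.
wecutil qc /q

# Query filter: Critical (1), Error (2) and Warning (3) events from the
# Application and System logs.
$levels = '*[System[(Level=1 or Level=2 or Level=3)]]'
$select = 'Application', 'System' | ForEach-Object {
    '<Select Path="{0}">{1}</Select>' -f $_, $levels }
$query = '<QueryList><Query Id="0">{0}</Query></QueryList>' -f ($select -join '')
$sources = $SourceComputers | ForEach-Object {
    '<EventSource Enabled="true"><Address>{0}</Address></EventSource>' -f $_ }

$xml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$SubscriptionId</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Critical, error and warning events from lab workstations</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[$($query)]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>$($sources -join '')</EventSources>
</Subscription>
"@
$path = Join-Path $env:TEMP "$SubscriptionId.xml"
Set-Content -Path $path -Value $xml -Encoding Ascii
wecutil cs $path
wecutil gr $SubscriptionId   # shows per-source runtime status and last error
```

Run it from an elevated prompt with `-Role Source` on each forwarding computer first, then with `-Role Collector` on the Windows Server machine.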


7. Interaction Types

7.1 UML Use Case

8. Application Flow

The user interface is a significant point for understanding the system. Describing the user interface helps the client get an idea of the system. One requirement for configuring the system on the server and the clients is an administrator user, so the administrator interface will be on both the collector and the sources. Moreover, I can see many ways to configure the collector and source machines, by entering commands at the command prompt or by selecting options from windows (interfaces). Here, I use just one method, to be clear for the user.

8.1 Application Flow (Flowchart)

9. Data Flow Diagram (DFD)

10. UML Class/Entity Diagram

