What is Log Smith?
Log Smith is a very powerful tool to slice and dice Windows event logs and events from System Center Operations Manager (SCOM) 2007 and 2007 R2. You can organize multiple event views for SCOM and Windows events and save them all together in a file.
To access SCOM events, Log Smith connects to the SDK service on your RMS. Windows events are gathered using WMI.
Using the criteria syntax helper, you can easily create WQL queries for Windows events and SCOM SDK queries for SCOM events. Once the data is in Log Smith, you can use all the powerful filter, sort and search features to further analyse your data.
Log Smith also allows you to manage different credentials for your views and lets you store them in your Log Smith file encrypted and protected using a "Master Password".
Why would you need Log Smith?
SCOM and Windows event views are very limited and do not allow you to search and filter using the event description field, for example. Getting a list of all events containing the word "SqlException" is extremely easy with Log Smith.
Besides of easy search and the ability to create powerful and complex filtered views, Log Smith also allows you to group the list of events by one or more columns. The group summary shows you the total number of events for each group.
Another great feature, especially for SCOM administrators and management pack authors, the ability to see the event parameters (replacement strings) for each SCOM and Windows event.