|
|
What is Event SentryEventSentry is the proactive, real-time monitoring solution that watches over your servers, workstations and network devices to ensure maximum availability and that also helps with SOX, HIPAA and other compliance requirements. With EventSentry you can consolidate and monitor event logs in
real-time as well as monitor performance, disk space, services, processes and
software/hardware installations on servers and workstations. Additional features
include temperature & humidity monitoring, motion/smoke/water detection,
process, logon and print tracking for audit purposes and open-source web reports
which ship in multiple languages including English, French, German, Portuguese,
Japanese and Korean.
ManagementThe EventSentry management application was designed to make monitoring as easy as possible while offering great flexibility at the same time. EventSentry features an intuitive MMC-like management application that lets you easily configure EventSentry and manage remote computers. After you have setup and configured EventSentry to meet your needs, changing and adapting settings is quick and easy. Package Management
Remote Update
The remote update procedure can also be completely automated using the command-line Remote Update Utility. This utility can be scheduled to run at regular intervals (e.g. twice a day) through the Windows scheduler and will ensure sure that:
If one or more of your computers groups are linked to an Active Directory OU or group then the Remote Update Utility can also automatically install the agent on computers that were added to the linked OU or group. Event Log Monitoring
For example, you can have web server related messages sent to the webmaster, while sending all other critical messages to the network administrator. Exclude filters allow you to filter out messages that are of no interest and can either be applied to some notifications targets (e.g. email and file ) or all notifications. The filtering mechanism is so powerful that you can satisfy almost any scenario. Send event log messages by SMTP email or via syslog, write them to a database or text/html file, print them on a matrix printer or simply launch a custom process. All scenarios are determined by the filter rules you setup. Thresholds & Advanced Features
You can also impose day and time restrictions on filters and use summary notifications for emails or databases which sends you summary emails at certain times. Additionally, event log filters can also be set to expire at a given date/time. Event Log Consolidation
Log File Monitoring
EventSentry also ships with a database import utility that can be used to import log files into the database manually or on a scheduled basis (command-line options are supported) if real-time monitoring is not desirable or possible for any reason. Log File Monitoring Alerts
Log File Monitoring Consolidation
System Health Monitoring
System Health Monitoring
Process Tracking, Logon Tracking and Print TrackingEventSentry's Tracking features allow you to track various system information which is extracted from the event logs into the database. You can currently track
and query the data through the web reports. Process Tracking records a history of all executed processes, Logon Tracking records a history of all local logons, and Print Tracking records a history of all printed documents in the EventSentry database. Syslog DaemonEventSentry includes a built-in syslog daemon that can be used to consolidate log data from any device that supports the syslog protocol. EventSentry's syslog daemon (UDP and TCP are both supported) can be configured to consolidate incoming Syslog messages to the central database and/or log incoming Syslog messages to the Windows Application event log. The syslog protocol is supported by various Unix/Linux flavors (e.g. Linux©, RedHat©, SUSE©, OpenBSD, NetBSD, FreeBSD, Sun© Solaris©, Apple© OSX 10.x, various Cisco and other high-end network devices). Syslog To DatabaseIf you enable the Syslog daemon to log incoming message to a database, then you can conveniently search through all collected Syslog events through the EventSentry web reporting system. You can configure the Syslog To Database feature to either log all incoming Syslog messages (you can define exceptions) to the database, or only log selected messages to the database. Syslog To Event LogIf you enable the Syslog To Event Log feature then EventSentry will log incoming Syslog messages to the Application event log. You can configure exactly which messages you want to log to the Application event log, and also map the eight Syslog severities to one of the three Windows event log severities. By completely integrating with the Windows event log, incoming Syslog messages can be treated just like any other event log messages and processed with the EventSentry event log filters. For example, you can
Advanced SettingsThe EventSentry Syslog daemon supports the UDP and TCP protocol and supports the following configuration options:
Network Monitoring
In a nutshell, you can monitor:
Notification MethodsYou can be notified through any of the supported
notifications
Status and History Reports
Monitoring through PINGYou can monitor remote ip hosts by sending fully-customized ICMP packets. This monitoring type offers the following features:
Monitoring network services through TCPIn addition to or instead of PING monitoring you can verify that remote services listening on TCP ports (e.g. POP3, HTTP, SMTP etc.) are active. You can specify multiple ports when monitoring a host. Monitoring EventSentry AgentsFor computers running Windows and the EventSentry agents, monitoring the EventSentry agents will ensure that your servers and workstations are being monitored. This feature will ensure that the EventSentry service is in a running state on the monitored computers. Ping Tracking (Traffic Graph)In addition to receiving alerts when a remote host is down or the response time below a preset limit you can also record the ping response time in the database. You can activate this feature either globally or on a per-host basis and view the ping-response chart using the web reports. Advanced FeaturesHeartbeat-Monitoring also has these additional features:
Actions & NotificationsEventSentry currently supports 15 different types of actions and notifications. Some actions are useful for immediate notification (such as email or syslog) while others are useful for collection and consolidation.
Fault Tolerance for SMTP, Syslog and database notificationsWhen the database, SMTP or Syslog (TCP) server are offline, EventSentry will cache events during this time and attempt to deliver them as soon as the server is back online. This ensures 100% reliability during temporary network outages. Web Reporting
The web reports can be localized and EventSentry ships with the following languages:
Most of the features included in EventSentry can write data to an ODBC database. This information can then be queried through the open-source web reports from any server or workstation running IIS. The following information is currently available through the web reporting feature: Please click on the topics above for more information. The open-source ASP web pages can be installed on any IIS
web server that can connect to the EventSentry database through ODBC. The
files are simply copied to a shared directory on the web server.
|
|
EventSentry
can be easily configured using Event Log, Log File, Health and Tracking
packages. Packages contain one or more monitoring objects and are either
assigned globally, to computer groups or to individual computers. EventSentry
ships with a number of pre-configured packages which mostly exclude unwanted
events from being sent to your email notifications. These packages are
constantly under development and can be downloaded from within the management
application. Packages contain information such as: 
Remote
Update allows you to easily administer and update monitored computers running
the EventSentry agents. With remote update you can push out the latest agents
(e.g. after an update or a patch installation) but also send the latest
configuration to the remote computers. Remote update supports managing servers
and workstations from different domains. 
Event Log monitoring is the core part of EventSentry and our filtering system
gives you countless configuration options to achieve almost any goal. You
define which event log messages you are interested in and can dispatch them in
several ways to different types of targets. 
Additional
event log monitoring features include filter thresholds which allow you to
become notified when a certain number of events appear during a certain time
interval (e.g. more than 10 login failures in 1 minute). Filter thresholds can
also be used to ignore repetitive events when they reach a certain count.
The recurring event feature allows you to become notified when one or more
events do not occur during a preset time period. For example,
instead of getting emails when a process (e.g. backup) completed successfully,
you will only get an email when the process didn't complete. 
Event
Log Consolidation stores all or some event log entries in a central ODBC
database (MSSQL, MySQL, Oracle, Access are currently supported). You can then
search for events from the open-source EventSentry web reports or create
custom reports. Reports can be printed through the web browser or exported to
CSV files. 
Log File Monitoring allows you to both consolidate text from log files in the
EventSentry database as well as receive alerts when certain text patterns are
found in a log file. Log File Monitoring supports the following types of log
files: 
You
can configure EventSentry to log an alert with a customizable severity to the
Application event log when a monitored log file contains one or more strings of
interest. For example, you can receive an email if the NTBackup log file
contains the string "Warning:". 
In
most cases you will want to consolidate log file information into the
EventSentry database so that you can archive and search log files from one
central location. As mentioned earlier, you can consolidate both non-delimited
and delimited log files with EventSentry. 
In addition to system monitoring through
With heartbeat monitoring you can monitor the uptime of hosts, network services
and the EventSentry agent. The Heartbeat agent can monitor any ip based host,
including Windows servers, workstations, Unix/Linux hosts, network switches,
routers and more. 
In
addition to being notified when a host or service go offline (or back online),
EventSentry offers a heartbeat status web page that will show you at a glance
which hosts and services are currently online or offline. A heartbeat history
page will show you a complete history of all status changes. Both the status and
history page are either HTML pages constantly update by the agent, or saved to a
database where the status and history reports can be viewed through the
EventSentry offers reporting features through a collection of web pages. The
web reporting feature ships with ASP pages which are installed on any IIS web
server on your network that can connect to the EventSentry database.