Complete Event Log Viewing, Monitoring and Management
Event Log Sentry & View Functionality Summary
• Remote viewing of multiple event logs with filtering capabilities
• Real-time notification of critical events
• Automatic response to selected events
• Automatic event storage in MS SQL Database
• Automatic clearing and archiving of event logs
• Centralized management of Audit Policies and event log settings
Event Log View: Consolidated Event Log Viewing
When do you view your event logs?
• Best practice requires daily viewing
• Diagnostic event viewing when systems fail
Functionality of Event Log View
• Consolidated view of event logs
• Grouped machines for strategic viewing
• Complete event log information presented
• Detailed filtering capabilities
• Create and store custom filters
• Custom filters for 3rd party applications (in development)
Why use Event Log View?
• Best practice requires daily viewing of all event logs. Event Log View makes it possible to satisfy best practice by streamlining and simplifying the viewing process
• Event Log View reduces the time and resources spent viewing event logs and, as a result, reduces the related TCO (Total Cost of Operations)
Event Log Sentry: Centralized Event Log Monitoring and Management
Monitoring Functionality of Event Log Sentry
• Monitor event logs for critical events and receive immediate notification when they occur
• Multiple notifications in response to events
  • Email (pager, cell phone, Blackberry, etc.)
  • Popup
• Customizable messages in notifications, including macros (variables)
• Integrated templates for 3rd party solutions
Automated Responses
• Ability to run two automated actions per event trigger
  • Run console applications
  • Run batch files
  • Custom scripts
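To make the monitoring and automated-response features above concrete, here is an added example written for this page (not Event Log Sentry's own code): a small rule engine that filters constructed event records by log, type and event ID, expands a notification template whose %MACRO% placeholders stand in for the deck's macros (the macro syntax, rule names and action names are assumptions), and caps the actions returned per trigger at two.

```python
from dataclasses import dataclass, field

# Constructed sample records shaped like NT/2000 event log entries; not real telemetry.
SAMPLE_EVENTS = [
    {"log": "System", "source": "Disk", "id": 7, "type": "Error",
     "machine": "FS01", "message": "The device has a bad block."},
    {"log": "Security", "source": "Security", "id": 529, "type": "FailureAudit",
     "machine": "PDC01", "message": "Logon failure: unknown user name or bad password."},
    {"log": "Application", "source": "MSSQLServer", "id": 17055, "type": "Information",
     "machine": "SQL01", "message": "Backup completed."},
]

@dataclass
class Rule:
    """Which events trigger this rule, the notification template, and the actions to run."""
    name: str
    log: str
    types: set
    ids: set = field(default_factory=set)  # empty = any event ID in this log
    template: str = "%NAME% on %MACHINE%: %SOURCE% event %EVENTID% (%TYPE%) - %MESSAGE%"
    actions: list = field(default_factory=list)

    def matches(self, ev):
        return (ev["log"] == self.log and ev["type"] in self.types
                and (not self.ids or ev["id"] in self.ids))

def expand_macros(template, rule, ev):
    """Substitute %MACRO% placeholders (hypothetical syntax) with event fields."""
    macros = {"%NAME%": rule.name, "%MACHINE%": ev["machine"], "%SOURCE%": ev["source"],
              "%EVENTID%": str(ev["id"]), "%TYPE%": ev["type"], "%MESSAGE%": ev["message"]}
    for key, val in macros.items():  # %MESSAGE% goes last so its text is never re-expanded
        template = template.replace(key, val)
    return template

def evaluate(events, rules, max_actions=2):
    """One trigger per (event, rule) match: expanded notification text plus at most
    max_actions actions, mirroring the deck's two-actions-per-trigger limit."""
    triggers = []
    for ev in events:
        for rule in rules:
            if rule.matches(ev):
                triggers.append({"rule": rule.name,
                                 "notification": expand_macros(rule.template, rule, ev),
                                 "actions": rule.actions[:max_actions]})
    return triggers

RULES = [  # hypothetical rules; the third LogonFailure action is dropped by the cap
    Rule("DiskError", "System", {"Error"}, {7, 11, 51}, actions=["popup", "email-admins"]),
    Rule("LogonFailure", "Security", {"FailureAudit"}, {529, 539},
         actions=["email-security", "run:notify_helpdesk.bat", "run:page_oncall.exe"]),
]
```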
Why monitor your event logs with Event Log Sentry?
• Decrease administrative response time to critical events to prevent system failures
• Uninterrupted end-user productivity due to automated triggers
• Proactive monitoring means:
  • Reduced TCO associated with repairing system failures, since problems are resolved before failures occur
  • Administrators' time is spent on priority projects instead of reactive repair and analysis
Automated Event Log Clearing with Event Log Sentry
• Schedule automated clearings for multiple event logs during non-production hours
Why Automate Event Log Clearing?
• Event logs never reach maximum capacity, so no information is lost
• Reduces TCO, since administrative resources are not used to clear event logs
Event Log Archiving with Event Log Sentry
• Archives raw .EVT files to a backup server
Why do you need to automate event log archiving?
• Automation ensures that archiving occurs
• Second source of original event information for diagnostics and audit trail purposes
• Best practice requires backup of all critical event log information
Storing Events in an SQL Database with Event Log Sentry
• Migrate specific events into an SQL database using the native SQL Server API
Why store events in an SQL Database?
• Long-term data analysis
• Use standard reports with Seagate Crystal Reports or create customized reports
• Provides an audit trail
• Uses MS SQL Server proprietary API calls
  • Faster than ODBC
  • No interference with other SQL clients that may be running
Managing Policy Settings with Event Log Sentry
• Centralized management of event log settings and Audit Policies
• Regular scans of settings and ability to reset policies and settings according to selected template(s)
Why centralize Policy and Auditing Settings?
• Ensures correct event information is written to the Security Log
• Enforces consistent conformance with corporate security policies across all machines
Managing Event Log Sentry
• Easy distribution of agents to servers or workstations in all domains
• Template-based design, so that changes to multiple machines are performed with ease
• Global templates and domain-level templates for simplified management
How does Event Log Sentry Work?
• Event Log Sentry Server for database migration and .EVT backup
• Event Log Sentry Admin Console on the admin workstation
• Event Log Sentry Agents on any machine whose event logs will be processed
Benefits of Event Log Sentry's Distributed Architecture Design
• Centralized management
• Easily manages multiple domains
• Load balancing for continued monitoring and management
• Efficient network/processor utilization
• Scalable for large enterprises
How scalable is Event Log Sentry?
• Test environment
  • 50 servers
  • 200 workstations
• Tasks performed
  • Monitoring selected events
  • Migrating selected events
  • Archiving
Test Environment Performance
• Used one Event Log Sentry Server
  • Migrate events
  • Backup logs
• Processor utilization and network traffic
  • Unaffected on all monitored machines (250)
  • Processor utilization on the Event Log Sentry Server hovered around 3% and was never higher than 7%
  • The Event Log Sentry Server also ran the PDC and SQL Server
Conclusions from Test Environment
• Installations up to 500 servers will only require two Event Log Sentry Servers for the same performance as the test environment
  • One for backup
  • One for database storage
Works with Windows 2000
• NT Event Logs
  • System
  • Application
  • Security
• Windows 2000 Active Directory Logs
  • Directory Service
  • DNS Server
  • File Replication Service
Event Log Sentry and Event Log View Overall Benefits
• Immediately isolate and prevent system and security threats through real-time notifications and automated actions
• Research failures and breaches through an archived repository
• Increase network visibility to improve security and systems management
• Reduce TCO by reducing time spent viewing, monitoring, and managing event logs
Engagent Inc.
11889 98th Ave NE, Kirkland, WA 98036
(877) 820-7980
www.engagent.com
sales@engagent.com