1 / 28

Complete Event Log Viewing, Monitoring and Management

Complete Event Log Viewing, Monitoring and Management. Event Log Sentry & View Functionality Summary. Remote viewing of multiple event logs with filtering capabilities Real-time notification of critical events Automatic response to selected events Automatic event storage in MS SQL Database

dionne
Download Presentation

Complete Event Log Viewing, Monitoring and Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Complete Event Log Viewing, Monitoring and Management

  2. Event Log Sentry & View Functionality Summary • Remote viewing of multiple event logs with filtering capabilities • Real-time notification of critical events • Automatic response to selected events • Automatic event storage in MS SQL Database • Automatic clearing and archiving of event logs • Centralized management of Audit Policies and event log settings

  3. Event Log View • Consolidated Event Log Viewing

  4. When do you view your event logs? • Best Practices requires Daily viewing • Diagnostic Event Viewing when systems fail

  5. Functionality of Event Log View • Consolidated view of Event Logs • Grouped machines for strategic viewing • Complete event log information presented • Detailed filtering capabilities • Create and store custom filters • Custom filters for 3rd party applications (in development)

  6. Why use Event Log View? • Best practices requires daily viewing of all event logs. Event Log View makes it possible to satisfy best practices by streamlining and simplifying the viewing process • Event Log View reduces the time and resources spent viewing event logs and, as a result, reduces the related TCO (Total Cost of Operations)

  7. Event Log Sentry Centralized Event Log Monitoring and Management

  8. Monitoring Functionality of Event Log Sentry • Monitor event logs for critical events and receive immediate notification when they occur • Multiple notifications in response to events • Email (Pager, Cell phone, Blackberry, etc.) • Popup • Customizable messages in notifications, including macros (variables) • Integrated templates for 3rd party solutions

  9. Automated Responses • Ability to run two automated actions per event trigger • Run console applications • Run batch files • Custom scripts

  10. Why monitor your event logs with Event Log Sentry? • Decrease administrative response time to critical events to prevent system failures • Uninterrupted end-user productivity due to automated triggers • Proactive Monitoring means: • Reduces TCO associated with repairing system failures since problems are resolved before system failures occur • Administrators’ time spent on priority projects instead of reactive repair and analysis

  11. Automated Event Log Clearing with Event Log Sentry • Schedule automated clearings for multiple event logs on non-production hours

  12. Why Automate Event Log Clearing? • Event logs never reach maximum capacity–no loss of information • Reduces TCO since Administrative resources are not used to clear event logs

  13. Event Log Archiving with Event Log Sentry • Archives raw .EVT files to back-up server

  14. Why do you need to automate event log archiving? • Automation ensures that archiving occurs • Second source of original event information for diagnostics and audit trail purposes • Best Practices requires back up of all critical event log information

  15. Storing Events in an SQL Database with Event Log Sentry • Migrate specific events into SQL Database using native SQL Server API

  16. Why store events in an SQL Database? • Long-term data analysis • Use standard reports with Seagate Crystal Reports or create customized reports • Provides Audit trail • Uses MS SQL Server proprietary API calls • Faster than ODBC • Non-interference with other SQL Clients that may be running

  17. Managing Policy Settings with Event Log Sentry • Centralized management of Event Log Settings and Audit Polices • Regular scans of settings and ability to reset policies and settings according to selected template(s)

  18. Why centralize Policy and Auditing Settings? • Ensures correct event information is written to Security Log • Enforces consistent conformance with corporate security policies across all machines

  19. Managing Event Log Sentry • Easy distribution of agents to servers or workstations in all domains. • Template-based design so that changes to multiple machines are performed with ease • Global templates and domain-level templates for simplified management

  20. The Distributed Architecture of Event Log Sentry

  21. How does Event Log Sentry Work? • Event Log Sentry Server for Database Migration and .EVT Backup • Event Log Sentry Admin Console on Admin workstation • Event Log Sentry Agents on any machine whose event logs will be processed

  22. Benefits of Event Log Sentry’s Distributed Architecture Design • Centralized management • Easily manages multiple domains • Load Balancing for continued monitoring and management • Efficient network/processor utilization • Scalable for large enterprises

  23. How scalable is Event Log Sentry? • Test environment • 50 Servers • 200 Workstations • Tasks Performed • Monitoring selected events • Migrating selected events • Archiving

  24. Test Environment Performance • Used one Event Log Sentry Server • Migrate Events • Backup Logs • Processor Utilization and Network Traffic • Unaffected on all monitored machines (250) • Processor Utilization on Event Log Sentry Server hovered around 3%—Never higher than 7% • Event Log Sentry Server also ran PDC and SQL Server

  25. Conclusions from Test Environment • Installations up to 500 Servers will only require two Event Log Sentry Servers for same performance as test environment • One for Backup • One for Database Storage

  26. Works with Windows 2000 • NT Event Logs • System • Application • Security • Windows 2000 Active Directory Logs • Directory Service • DNS Server • File Replication Service

  27. Event Log Sentry and Event Log View Overall Benefits • Immediately isolate and prevent system and security threats through real-time notifications and automated actions • Research failures and breaches through an archived repository • Increase network visibility to improve security and systems management • Reduces TCO by reducing time spent viewing, monitoring, and managing event logs

  28. Engagent Inc. Engagent 11889 98th Ave NE Kirkland, WA 98036 (877)820-7980 www.engagent.com sales@engagent.com

More Related