Complete Event Log Viewing, Monitoring and Management

Event Log Sentry & View Functionality Summary

Remote viewing of multiple event logs with filtering capabilities

Real-time notification of critical events Automatic response to selected events Automatic event storage in MS SQL Database Automatic clearing and archiving of event logs Centralized management of Audit Policies and

event log settings

Event Log Suite integration with Demandtech Software

Out-of-the-box templates for viewing, monitoring, and managing specifics events generated by Performance Gallery/Performance Sentry

When? May 2002

Event Log View

Consolidated Event Log Viewing

When do you view your event logs?

Best Practices requires Daily viewing

Diagnostic Event Viewing when systems fail

Functionality of Event Log View

Consolidated view of Event LogsGrouped machines for strategic viewingComplete event log information presented

Detailed filtering capabilitiesCreate and store custom filtersCustom filters for 3rd party applications (in

development)

Why use Event Log View?

Best practices requires daily viewing of all event logs. Event Log View makes it possible to satisfy best practices by streamlining and simplifying the viewing process

Event Log View reduces the time and resources spent viewing event logs and, as a result, reduces the related TCO (Total Cost of Operations)

Event Log Sentry

Centralized Event Log Monitoring and Management

Monitoring Functionality of Event Log Sentry

Monitor event logs for critical events and receive immediate notification when they occur

Multiple notifications in response to eventsEmail (Pager, Cell phone, Blackberry, etc.)

Popup

Customizable messages in notifications, including macros (variables)

Integrated templates for 3rd party solutions

Automated Responses

Ability to run two automated actions per event triggerRun console applicationsRun batch filesCustom scripts

Why monitor your event logs with Event Log Sentry?

Decrease administrative response time to critical events to prevent system failures

Uninterrupted end-user productivity due to automated triggers

Proactive Monitoring means:Reduces TCO associated with repairing system failures

since problems are resolved before system failures occur

Administrators’ time spent on priority projects instead of reactive repair and analysis

Automated Event Log Clearing with Event Log Sentry

Schedule automated clearings for multiple event logs on non-production hours

Why Automate Event Log Clearing?

Event logs never reach maximum capacity–no loss of information

Reduces TCO since Administrative resources are not used to clear event logs

Event Log Archiving with Event Log Sentry

Archives raw .EVT files to back-up server

Why do you need to automate event log archiving?

Automation ensures that archiving occurs Second source of original event information

for diagnostics and audit trail purposesBest Practices requires back up of all

critical event log information

Storing Events in an SQL Database with Event Log Sentry

Migrate specific events into SQL Database using native SQL Server API

Why store events in an SQL Database?

Long-term data analysisUse standard reports with Seagate Crystal

Reports or create customized reportsProvides Audit trailUses MS SQL Server proprietary API calls

Faster than ODBCNon-interference with other SQL Clients that

may be running

Managing Policy Settings with Event Log Sentry

Centralized management of Event Log Settings and Audit Polices

Regular scans of settings and ability to reset policies and settings according to selected template(s)

Why centralize Policy and Auditing Settings?

Ensures correct event information is written to Security Log

Enforces consistent conformance with corporate security policies across all machines

Managing Event Log Sentry

Easy distribution of agents to servers or workstations in all domains.

Template-based design so that changes to multiple machines are performed with ease

Global templates and domain-level templates for simplified management

The Distributed Architecture of Event Log Sentry

How does Event Log Sentry Work?

Event Log Sentry Server for Database Migration and .EVT Backup

Event Log Sentry Admin Console on Admin workstation

Event Log Sentry Agents on any machine whose event logs will be processed

Benefits of Event Log Sentry’s Distributed Architecture Design

Centralized managementEasily manages multiple domainsLoad Balancing for continued monitoring

and managementEfficient network/processor utilizationScalable for large enterprises

How scalable is Event Log Sentry?

Test environment50 Servers200 Workstations

Tasks PerformedMonitoring selected eventsMigrating selected eventsArchiving

Test Environment Performance

Used one Event Log Sentry ServerMigrate EventsBackup Logs

Processor Utilization and Network TrafficUnaffected on all monitored machines (250)Processor Utilization on Event Log Sentry Server

hovered around 3%—Never higher than 7%Event Log Sentry Server also ran PDC and SQL Server

Conclusions from Test Environment

Installations up to 500 Servers will only require two Event Log Sentry Servers for same performance as test environmentOne for BackupOne for Database Storage

Planned for May 2002

Centralized Agent Template Storage with IIS

Automatic Web Updates for 3rd Party Agent Templates

ODBC Compliance

Works with Windows 2000

NT Event LogsSystemApplicationSecurity

Windows 2000 Active Directory LogsDirectory ServiceDNS ServerFile Replication Service

Event Log Sentry and Event Log View Overall Benefits

Immediately isolate and prevent system and security threats through real-time notifications and automated actions

Research failures and breaches through an archived repository

Increase network visibility to improve security and systems management

Reduces TCO by reducing time spent viewing, monitoring, and managing event logs

Engagent Inc.

Engagent

11889 98th Ave NE

Kirkland, WA 98036

(877)820-7980

www.engagent.com

sales@engagent.com