Complete Event Log Viewing, Monitoring and Management

Event Log Sentry & View Functionality Summary  Remote viewing of multiple event logs with filtering capabilities  Real-time notification of critical events  Automatic response to selected events  Automatic event storage in MS SQL Database  Automatic clearing and archiving of event logs  Centralized management of Audit Policies and event log settings

Event Log View  Consolidated Event Log Viewing

When do you view your event logs?  Best Practices requires Daily viewing  Diagnostic Event Viewing when systems fail

Functionality of Event Log View  Consolidated view of Event Logs  Grouped machines for strategic viewing  Complete event log information presented  Detailed filtering capabilities  Create and store custom filters  Custom filters for 3 rd party applications (in development)

Why use Event Log View?  Best practices requires daily viewing of all event logs. Event Log View makes it possible to satisfy best practices by streamlining and simplifying the viewing process  Event Log View reduces the time and resources spent viewing event logs and, as a result, reduces the related TCO (Total Cost of Operations)

Event Log Sentry Centralized Event Log Monitoring and Management

Monitoring Functionality of Event Log Sentry  Monitor event logs for critical events and receive immediate notification when they occur  Multiple notifications in response to events  (Pager, Cell phone, Blackberry, etc.)  Popup  Customizable messages in notifications, including macros (variables)  Integrated templates for 3 rd party solutions

Automated Responses  Ability to run two automated actions per event trigger  Run console applications  Run batch files  Custom scripts

Why monitor your event logs with Event Log Sentry?  Decrease administrative response time to critical events to prevent system failures  Uninterrupted end-user productivity due to automated triggers  Proactive Monitoring means:  Reduces TCO associated with repairing system failures since problems are resolved before system failures occur  Administrators’ time spent on priority projects instead of reactive repair and analysis

Automated Event Log Clearing with Event Log Sentry  Schedule automated clearings for multiple event logs on non-production hours

Why Automate Event Log Clearing?  Event logs never reach maximum capacity– no loss of information  Reduces TCO since Administrative resources are not used to clear event logs

Event Log Archiving with Event Log Sentry  Archives raw.EVT files to back-up server

Why do you need to automate event log archiving?  Automation ensures that archiving occurs  Second source of original event information for diagnostics and audit trail purposes  Best Practices requires back up of all critical event log information

Storing Events in an SQL Database with Event Log Sentry  Migrate specific events into SQL Database using native SQL Server API

Why store events in an SQL Database?  Long-term data analysis  Use standard reports with Seagate Crystal Reports or create customized reports  Provides Audit trail  Uses MS SQL Server proprietary API calls  Faster than ODBC  Non-interference with other SQL Clients that may be running

Managing Policy Settings with Event Log Sentry  Centralized management of Event Log Settings and Audit Polices  Regular scans of settings and ability to reset policies and settings according to selected template(s)

Why centralize Policy and Auditing Settings?  Ensures correct event information is written to Security Log  Enforces consistent conformance with corporate security policies across all machines

Managing Event Log Sentry  Easy distribution of agents to servers or workstations in all domains.  Template-based design so that changes to multiple machines are performed with ease  Global templates and domain-level templates for simplified management

The Distributed Architecture of Event Log Sentry

How does Event Log Sentry Work? EE vent Log Sentry Server for Database Migration and.EVT Backup EE vent Log Sentry Admin Console on Admin workstation EE vent Log Sentry Agents on any machine whose event logs will be processed

Benefits of Event Log Sentry’s Distributed Architecture Design  Centralized management  Easily manages multiple domains  Load Balancing for continued monitoring and management  Efficient network/processor utilization  Scalable for large enterprises

How scalable is Event Log Sentry?  Test environment  50 Servers  200 Workstations  Tasks Performed  Monitoring selected events  Migrating selected events  Archiving

Test Environment Performance  Used one Event Log Sentry Server  Migrate Events  Backup Logs  Processor Utilization and Network Traffic  Unaffected on all monitored machines (250)  Processor Utilization on Event Log Sentry Server hovered around 3%—Never higher than 7%  Event Log Sentry Server also ran PDC and SQL Server

Conclusions from Test Environment II nstallations up to 500 Servers will only require two Event Log Sentry Servers for same performance as test environment OO ne for Backup OO ne for Database Storage

Works with Windows 2000  NT Event Logs  System  Application  Security  Windows 2000 Active Directory Logs  Directory Service  DNS Server  File Replication Service

Event Log Sentry and Event Log View Overall Benefits  Immediately isolate and prevent system and security threats through real-time notifications and automated actions  Research failures and breaches through an archived repository  Increase network visibility to improve security and systems management  Reduces TCO by reducing time spent viewing, monitoring, and managing event logs

Engagent Inc. Engagent th Ave NE Kirkland, WA (877)