Complete Event Log Viewing, Monitoring and Management

Event Log Sentry & View Functionality Summary Remote viewing of multiple event logs with filtering capabilities Real-time notification of critical events Automatic response to selected events Automatic event storage in MS SQL Database Automatic clearing and archiving of event logs Centralized management of Audit Policies and event log settings

Event Log Suite integration with Demandtech Software Out-of-the-box templates for viewing, monitoring, and managing specifics events generated by Performance Gallery/Performance Sentry When? May 2002

Event Log View Consolidated Event Log Viewing

When do you view your event logs? Best Practices requires Daily viewing Diagnostic Event Viewing when systems fail

Functionality of Event Log View Consolidated view of Event Logs Grouped machines for strategic viewing Complete event log information presented Detailed filtering capabilities Create and store custom filters Custom filters for 3 rd party applications (in development)

Why use Event Log View? Best practices requires daily viewing of all event logs. Event Log View makes it possible to satisfy best practices by streamlining and simplifying the viewing process Event Log View reduces the time and resources spent viewing event logs and, as a result, reduces the related TCO (Total Cost of Operations)

Event Log Sentry Centralized Event Log Monitoring and Management

Monitoring Functionality of Event Log Sentry Monitor event logs for critical events and receive immediate notification when they occur Multiple notifications in response to events (Pager, Cell phone, Blackberry, etc.) Popup Customizable messages in notifications, including macros (variables) Integrated templates for 3 rd party solutions

Automated Responses Ability to run two automated actions per event trigger Run console applications Run batch files Custom scripts

Why monitor your event logs with Event Log Sentry? Decrease administrative response time to critical events to prevent system failures Uninterrupted end-user productivity due to automated triggers Proactive Monitoring means: Reduces TCO associated with repairing system failures since problems are resolved before system failures occur Administrators time spent on priority projects instead of reactive repair and analysis

Automated Event Log Clearing with Event Log Sentry Schedule automated clearings for multiple event logs on non-production hours

Why Automate Event Log Clearing? Event logs never reach maximum capacity– no loss of information Reduces TCO since Administrative resources are not used to clear event logs

Event Log Archiving with Event Log Sentry Archives raw.EVT files to back-up server

Why do you need to automate event log archiving? Automation ensures that archiving occurs Second source of original event information for diagnostics and audit trail purposes Best Practices requires back up of all critical event log information

Storing Events in an SQL Database with Event Log Sentry Migrate specific events into SQL Database using native SQL Server API

Why store events in an SQL Database? Long-term data analysis Use standard reports with Seagate Crystal Reports or create customized reports Provides Audit trail Uses MS SQL Server proprietary API calls Faster than ODBC Non-interference with other SQL Clients that may be running

Managing Policy Settings with Event Log Sentry Centralized management of Event Log Settings and Audit Polices Regular scans of settings and ability to reset policies and settings according to selected template(s)

Why centralize Policy and Auditing Settings? Ensures correct event information is written to Security Log Enforces consistent conformance with corporate security policies across all machines

Managing Event Log Sentry Easy distribution of agents to servers or workstations in all domains. Template-based design so that changes to multiple machines are performed with ease Global templates and domain-level templates for simplified management

The Distributed Architecture of Event Log Sentry

How does Event Log Sentry Work? E vent Log Sentry Server for Database Migration and.EVT Backup E vent Log Sentry Admin Console on Admin workstation E vent Log Sentry Agents on any machine whose event logs will be processed

Benefits of Event Log Sentrys Distributed Architecture Design Centralized management Easily manages multiple domains Load Balancing for continued monitoring and management Efficient network/processor utilization Scalable for large enterprises

How scalable is Event Log Sentry? Test environment 50 Servers 200 Workstations Tasks Performed Monitoring selected events Migrating selected events Archiving

Test Environment Performance Used one Event Log Sentry Server Migrate Events Backup Logs Processor Utilization and Network Traffic Unaffected on all monitored machines (250) Processor Utilization on Event Log Sentry Server hovered around 3%Never higher than 7% Event Log Sentry Server also ran PDC and SQL Server

Conclusions from Test Environment I nstallations up to 500 Servers will only require two Event Log Sentry Servers for same performance as test environment O ne for Backup O ne for Database Storage

Planned for May 2002 Centralized Agent Template Storage with IIS Automatic Web Updates for 3 rd Party Agent Templates ODBC Compliance

Works with Windows 2000 NT Event Logs System Application Security Windows 2000 Active Directory Logs Directory Service DNS Server File Replication Service

Event Log Sentry and Event Log View Overall Benefits Immediately isolate and prevent system and security threats through real-time notifications and automated actions Research failures and breaches through an archived repository Increase network visibility to improve security and systems management Reduces TCO by reducing time spent viewing, monitoring, and managing event logs

Engagent Inc. Engagent th Ave NE Kirkland, WA (877)