
EventSentry: Event Log Monitoring and Consolidation

EventSentry Features


Real-Time Event Log Monitoring

Real-time Event Log monitoring is the core feature of EventSentry and allows you to monitor all standard (Application, Security, System, DNS Server, File Replication Service, Directory Service) and custom event logs. Event Log entries can be forwarded to a variety of immediate notifications (e.g. email, pager, SNMP etc.) or to notifications designed for consolidation (e.g. database, files, etc.).

Event Log processing is configured with filters, which let you specify exactly which entries are forwarded to which notification. For example, you can have web server related messages sent to the webmaster while all other critical messages go to the network administrator. Exclude filters can be used to ignore event log entries that are not relevant to you.

Event Log messages can be filtered by the following criteria:

  • Event Log (e.g. Application, Security, System, DNS Server, ...)
  • Event Severity (e.g. Information, Warning, Error, ...)
  • Event ID
  • Event Source
  • Event Category
  • Event Computer
  • Event Message
  • Weekday and time


Thresholds

You can also apply threshold settings to filters, which add the following capabilities:

  • Determine if a particular event occurs more than X times in a certain time period
  • Prevent a large amount of identical event log records from flooding a particular notification
  • Determine if there is unusually high activity in an event log

For example, you can be notified of more than 10 failed login attempts per minute in the security event log.
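The filter criteria and threshold behaviour described above, as an added example that is not EventSentry's own code: an EventFilter that matches a record on the listed criteria, and a ThresholdFilter that keeps a per-computer sliding window so it can either raise an alert when more than X matching events arrive in a period, or cap how many identical records reach a notification per period. The event records, host names and timestamps are constructed sample data; the dict layout and the "alert"/"forward"/"suppress" actions are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class EventFilter:
    """Match an event-log record (a dict) against the criteria listed above.

    A criterion left as None is a wildcard; `message` is a case-sensitive
    substring match; `weekdays` is a set of datetime.weekday() values."""

    def __init__(self, log=None, severity=None, event_id=None, source=None,
                 category=None, computer=None, message=None, weekdays=None):
        self.exact = {"log": log, "severity": severity, "event_id": event_id,
                      "source": source, "category": category, "computer": computer}
        self.message = message
        self.weekdays = weekdays

    def matches(self, event):
        for key, wanted in self.exact.items():
            if wanted is not None and event.get(key) != wanted:
                return False
        if self.message is not None and self.message not in event.get("message", ""):
            return False
        if self.weekdays is not None and event["time"].weekday() not in self.weekdays:
            return False
        return True


class ThresholdFilter:
    """Sliding-window threshold layered on an EventFilter, counted per computer.

    mode="alert": raise one alert when more than `limit` matching events arrive
                  within `period` (and at most one alert per period after that).
    mode="limit": forward at most `limit` matching events per `period` and
                  suppress the rest, so a burst cannot flood a notification."""

    def __init__(self, event_filter, limit, period, mode="alert"):
        self.filter, self.limit, self.period, self.mode = event_filter, limit, period, mode
        self.windows = defaultdict(deque)   # computer -> timestamps of recent matches
        self.last_alert = {}                # computer -> time of the last alert

    def process(self, event):
        """Return 'ignore', 'forward', 'suppress' or 'alert' for one event."""
        if not self.filter.matches(event):
            return "ignore"
        host, now = event["computer"], event["time"]
        window = self.windows[host]
        window.append(now)
        while now - window[0] > self.period:      # drop matches older than the period
            window.popleft()
        if self.mode == "limit":
            return "forward" if len(window) <= self.limit else "suppress"
        last = self.last_alert.get(host)
        if len(window) > self.limit and (last is None or now - last > self.period):
            self.last_alert[host] = now
            return "alert"
        return "forward"


# Constructed sample records (not real log data): 12 failed logons on FS01 within
# one minute, one unrelated System-log record, and one failed logon on DC01.
FAILED_LOGON = {"log": "Security", "severity": "Audit Failure", "event_id": 4625,
                "source": "Microsoft-Windows-Security-Auditing",
                "message": "An account failed to log on."}
SAMPLE_EVENTS = sorted(
    [dict(FAILED_LOGON, computer="FS01", time=datetime(2024, 1, 1, 9, 0, s))
     for s in range(0, 60, 5)]
    + [dict(FAILED_LOGON, computer="DC01", time=datetime(2024, 1, 1, 9, 0, 40))]
    + [{"log": "System", "severity": "Information", "event_id": 7036,
        "source": "Service Control Manager", "computer": "FS01",
        "message": "The Print Spooler service entered the running state.",
        "time": datetime(2024, 1, 1, 9, 0, 32)}],
    key=lambda e: e["time"])


def run_threshold_demo(events=SAMPLE_EVENTS, limit=10, period=timedelta(minutes=1)):
    """The page's example: alert on more than 10 failed logons per minute."""
    rule = ThresholdFilter(EventFilter(log="Security", event_id=4625), limit, period)
    return [rule.process(e) for e in events]


def run_flood_control_demo(events=SAMPLE_EVENTS, limit=3, period=timedelta(minutes=1)):
    """Flood control: let at most 3 identical failures per host per minute through."""
    rule = ThresholdFilter(EventFilter(log="Security", event_id=4625), limit, period, mode="limit")
    return [rule.process(e) for e in events]


if __name__ == "__main__":
    for e, action in zip(SAMPLE_EVENTS, run_threshold_demo()):
        print(e["time"].time(), e["computer"], e["event_id"], "->", action)
```

With the sample data the eleventh FS01 failure inside the minute produces the single alert; the twelfth is forwarded rather than alerted again, which is the difference between "notify me once about a burst" and "send one notification per event past the limit". Counting per computer matters in practice: a single misconfigured host retrying a password should not raise the alert for every server feeding the same filter.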


Recurring Events

Sometimes you need to know when events do not occur, rather than when they do. With the recurring events feature you specify when you expect one or more events (according to a filter rule) to occur, and you are notified if they do not. This is extremely useful for verifying that applications like NT Backup ran successfully, while keeping the number of emails you receive to a minimum.


Filter Timers

Filter timers can clear previously generated alerts to avoid unnecessary notifications. For example, you receive an alert that a critical service is stopping, only to get another alert 10 seconds later telling you that the service was restarted. With filter timers you can avoid those types of alerts.
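The filter timer and recurring events behaviour just described, as an added example that is not EventSentry's own code. The FilterTimer holds a "service stopped" alert for a short period and discards it if the same service reports "running" inside that period, which is the stop-then-restart case above; the recurring events check reports each expected time window in which a filter rule matched nothing, the NT Backup case. The System-log records, service names, backup event id and timestamps are constructed sample data, and the message pattern used to extract the service name is an assumption of this example.

```python
import re
from datetime import datetime, timedelta

# Pattern for the constructed "service entered the <state> state" messages below.
STATE_RE = re.compile(r"The (?P<service>.+?) service entered the (?P<state>\w+) state")


class FilterTimer:
    """Hold the alert for a 'stopped' event for `hold`; if the same service logs a
    'running' event inside that window the held alert is cleared and nothing is
    sent. Held alerts whose timer elapses without a clearing event are released."""

    def __init__(self, hold):
        self.hold = hold
        self.pending = {}   # service name -> the stop event waiting on its timer

    def process(self, event):
        """Feed one event in time order; returns alerts that fell due before it."""
        due = self.release(event["time"])
        m = STATE_RE.search(event["message"])
        if m:
            service, state = m.group("service"), m.group("state")
            if state == "stopped":
                self.pending[service] = event
            elif state == "running":
                self.pending.pop(service, None)   # clearing event: cancel the alert
        return due

    def release(self, now):
        """Return (and forget) held stop events whose timer has expired by `now`."""
        expired = [s for s, e in self.pending.items() if now - e["time"] >= self.hold]
        return [self.pending.pop(s) for s in expired]


def missing_recurring_events(events, rule, windows, min_count=1):
    """Recurring-events check: return each expected window (start, end) in which
    fewer than `min_count` events matching `rule` were logged."""
    missing = []
    for start, end in windows:
        seen = sum(1 for e in events if rule(e) and start <= e["time"] < end)
        if seen < min_count:
            missing.append((start, end))
    return missing


def nightly_windows(first_night, nights, start_hour=1, end_hour=4):
    """Expect the event every night between start_hour and end_hour."""
    return [(first_night + timedelta(days=d, hours=start_hour),
             first_night + timedelta(days=d, hours=end_hour)) for d in range(nights)]


# Constructed System-log records (service names and times are made up; the wording
# mirrors the Service Control Manager's "entered the ... state" message).
SYSTEM_EVENTS = [
    {"event_id": 7036, "source": "Service Control Manager", "computer": "FS01",
     "message": "The Print Spooler service entered the stopped state.",
     "time": datetime(2024, 1, 1, 10, 0, 0)},
    {"event_id": 7036, "source": "Service Control Manager", "computer": "FS01",
     "message": "The Print Spooler service entered the running state.",
     "time": datetime(2024, 1, 1, 10, 0, 10)},       # restarted 10 s later
    {"event_id": 7036, "source": "Service Control Manager", "computer": "FS01",
     "message": "The DNS Server service entered the stopped state.",
     "time": datetime(2024, 1, 1, 10, 5, 0)},        # never comes back
]

BACKUP_OK_ID = 8019   # placeholder id for "backup completed"; use your backup tool's real id
BACKUP_EVENTS = [
    {"event_id": BACKUP_OK_ID, "source": "NTBackup", "computer": "FS01",
     "message": "Backup completed", "time": datetime(2024, 1, 1, 2, 15)},
    {"event_id": BACKUP_OK_ID, "source": "NTBackup", "computer": "FS01",
     "message": "Backup completed", "time": datetime(2024, 1, 3, 2, 10)},   # nothing on Jan 2
]


def run_filter_timer(events=SYSTEM_EVENTS, hold=timedelta(seconds=30)):
    """Names of services whose stop alert survived the hold period."""
    timer, alerts = FilterTimer(hold), []
    ordered = sorted(events, key=lambda e: e["time"])
    for e in ordered:
        alerts.extend(timer.process(e))
    alerts.extend(timer.release(ordered[-1]["time"] + hold))   # end of feed: expire the rest
    return [STATE_RE.search(a["message"]).group("service") for a in alerts]


def run_recurring_check(events=BACKUP_EVENTS):
    """Nights (1:00-4:00) on which no backup-completed event was logged."""
    rule = lambda e: e["source"] == "NTBackup" and e["event_id"] == BACKUP_OK_ID
    return missing_recurring_events(events, rule, nightly_windows(datetime(2024, 1, 1), 3))


if __name__ == "__main__":
    print("stop alerts sent:", run_filter_timer())
    print("backup windows with no event:", run_recurring_check())
```

The Print Spooler stop is cancelled by its restart ten seconds later and never reaches a notification, while the DNS Server stop is released once the 30-second hold expires. The recurring check reports the night of 2 January as missing; in a real deployment the `rule` would be the same filter used for normal forwarding, so the absence check and the alerting rule cannot drift apart.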


Summary Notifications

Summary notifications allow you to receive summaries of your system's activity: events are collected over a period of time and sent by email, rather than being notified immediately. The summary notification feature can also be used to cache database consolidation on the monitored servers and retransmit the collected events during off-peak hours.

Example 1: You can receive a daily summary of all failed login attempts from a particular server every day at 5pm while your fellow administrator receives an email every Friday at 2pm containing all error events from a file server.

Example 2: Instead of sending event log records to an ODBC target immediately, you can collect them to be sent during non-business hours so that as little bandwidth as possible is used during business hours.
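Both examples, as an added example that is not EventSentry's own code: a summary builder that collects the events matching a rule over the period ending at the scheduled send time (the daily 5 pm and weekly Friday 2 pm cases), and a deferred queue that holds consolidation records locally and only releases them outside business hours. The event records, server names and send times are constructed sample data; the 8:00 to 18:00 weekday business window is an assumption of this example.

```python
from collections import Counter
from datetime import datetime, time, timedelta

# Constructed event records for one working week (not real log data; the
# event ids are sample values).
WEEK_EVENTS = [
    {"computer": "FS01", "log": "Security", "event_id": 4625, "severity": "Audit Failure",
     "message": "An account failed to log on. Account: alice", "time": datetime(2024, 1, 5, 8, 30)},
    {"computer": "FS01", "log": "Security", "event_id": 4625, "severity": "Audit Failure",
     "message": "An account failed to log on. Account: bob", "time": datetime(2024, 1, 5, 9, 10)},
    {"computer": "FS01", "log": "Security", "event_id": 4625, "severity": "Audit Failure",
     "message": "An account failed to log on. Account: alice",
     "time": datetime(2024, 1, 5, 17, 30)},   # after the 5 pm cut-off: next summary
    {"computer": "FS01", "log": "System", "event_id": 2013, "severity": "Error",
     "message": "The disk is at or near capacity.", "time": datetime(2024, 1, 3, 11, 0)},
    {"computer": "DC01", "log": "Application", "event_id": 1000, "severity": "Error",
     "message": "Application error", "time": datetime(2024, 1, 4, 12, 0)},   # other server
]


def summarize(events, rule, start, end):
    """One summary's worth of data: events matching `rule` with start <= time < end,
    counted per (computer, event id) so the email can lead with totals."""
    picked = [e for e in events if rule(e) and start <= e["time"] < end]
    counts = Counter((e["computer"], e["event_id"]) for e in picked)
    return {"period": (start, end), "total": len(picked),
            "by_host_and_id": dict(counts), "events": picked}


def daily_failed_logon_summary(events, server, send_at):
    """Example 1, first recipient: failed logons from `server` in the 24 h before send_at."""
    rule = lambda e: e["computer"] == server and e["log"] == "Security" and e["event_id"] == 4625
    return summarize(events, rule, send_at - timedelta(days=1), send_at)


def weekly_error_summary(events, server, send_at):
    """Example 1, second recipient: all error events from `server` in the 7 days before send_at."""
    rule = lambda e: e["computer"] == server and e["severity"] == "Error"
    return summarize(events, rule, send_at - timedelta(days=7), send_at)


class DeferredQueue:
    """Example 2: cache records on the monitored server and release them to the
    consolidation target only outside business hours."""

    def __init__(self, business_start=time(8), business_end=time(18), business_days=range(0, 5)):
        self.business_start, self.business_end = business_start, business_end
        self.business_days = set(business_days)   # Monday=0 .. Friday=4
        self.queue = []

    def add(self, event):
        self.queue.append(event)

    def is_offpeak(self, now):
        weekend = now.weekday() not in self.business_days
        return weekend or not (self.business_start <= now.time() < self.business_end)

    def flush(self, now):
        """Return the cached batch if `now` is off-peak, otherwise keep holding it."""
        if not self.is_offpeak(now):
            return []
        batch, self.queue = self.queue, []
        return batch


def run_summaries(events=WEEK_EVENTS):
    """Both recipients' summaries for Friday 5 January 2024 (constructed send times)."""
    daily = daily_failed_logon_summary(events, "FS01", datetime(2024, 1, 5, 17, 0))
    weekly = weekly_error_summary(events, "FS01", datetime(2024, 1, 5, 14, 0))
    return daily, weekly


def run_deferred_demo(events=WEEK_EVENTS):
    """How many records a flush releases during business hours versus in the evening."""
    q = DeferredQueue()
    for e in events:
        q.add(e)
    held = len(q.flush(datetime(2024, 1, 5, 10, 0)))      # Friday 10:00: still held
    released = len(q.flush(datetime(2024, 1, 5, 19, 0)))  # Friday 19:00: sent
    return held, released


if __name__ == "__main__":
    daily, weekly = run_summaries()
    print("daily failed logons:", daily["total"], daily["by_host_and_id"])
    print("weekly errors:", weekly["total"], weekly["by_host_and_id"])
    print("deferred batch sizes (business hours, evening):", run_deferred_demo())
```

Note the half-open period in `summarize`: the 17:30 failure on Friday is excluded from the 5 pm summary and will appear in the next one, so no event is counted twice or dropped between consecutive summaries. The deferred queue is deliberately simple; a production implementation would persist the cache to disk so that a reboot during business hours does not lose the records waiting for the evening transfer.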

More Power through Combinations

All of the above features already allow you to create many advanced filtering scenarios, but combining them with each other lets you address almost any monitoring goal.

For example, combine thresholds and recurring events to make sure multiple NTBackup jobs ran correctly, or combine thresholds with summary notifications for customized summary emails.