Event Log Monitoring

Real-time event log and SIEM monitoring is the core monitoring component of EventSentry, and features one of the most sophisticated filtering engines on the market.




Real-time event log monitoring is one of the core monitoring components of EventSentry, and its filtering engine gives you a wide range of configuration options. You define which event log messages you are interested in and how they are dispatched, to one or more types of notification.

For example, you can have database server related messages sent to your DBA, while sending all other critical messages to the network administrator.

EventSentry’s filtering mechanism is one of the most powerful and flexible available on the market today and can satisfy almost any scenario. Matching events can be sent by SMTP email or syslog, written to a database or to a text/HTML file, or used to trigger an action: (re)starting a process or service, or launching a script or process in response to the event.

Events can be matched by their basic properties (e.g. event source, category, event ID, event message) and by the insertion strings inside event messages; wildcard and regular expression matching are also supported. This allows for fine-grained filtering, including numerical comparisons and interpreting text inside an event as a user name or file name. For example, you can be notified only if a user name that appears inside an event is a member of a specific group, or when a file name that appears inside an event matches a checksum.

Custom event logs are also supported, including new operational event logs introduced with Windows Vista.


Thresholds & Advanced Features

Additional event log monitoring features include filter thresholds, which notify you when a certain number of events occur within a given time interval (e.g. more than 10 logon failures in 1 minute). Filter thresholds can also be used the other way round, to ignore repetitive events once they reach a certain count within the interval.

The recurring event feature notifies you when one or more expected events do not occur within a preset time period or interval. For example, you can be notified if a periodically logged event stops appearing, or if a scheduled task (e.g. a backup) did not run.

Filters can also depend on the current day or time, making it possible to send alerts to different notifications depending on when they occur. You can also summarize and collect alerts, and then send them out in a batch at a given day/time. For example, event logs can be collected during the day and transmitted to a central database after business hours.

Filter rules can also be given an expiry day and time, making it easy to put temporary rules in place (e.g. for a maintenance window) that are retired automatically.
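The matching and threshold behaviour described above (property and regex matching with insertion strings under "Event Log Monitoring", and count-per-interval thresholds, suppression, recurring-event checks and rule expiry in this section) can be illustrated with a small rule engine. The following is an added example written for this page; it is not EventSentry code and does not use EventSentry's configuration format. The event records, rule names, notification targets and the "NightlyBackup" source with event ID 1001 are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_ts(text):
    return datetime.strptime(text, TS_FMT)


# Constructed sample records in the shape of Windows event log entries; not captured from a
# real host and not EventSentry output. Fields: timestamp, log, source, event ID, message.
SAMPLE_EVENTS = [
    ("2024-03-04 09:00:00", "Application", "MSSQLSERVER", 18456,
     "Login failed for user 'sa'. Reason: Password did not match that for the login provided."),
    ("2024-03-04 09:00:05", "System", "Service Control Manager", 7036,
     "The Print Spooler service entered the stopped state."),
    ("2024-03-04 09:03:00", "Security", "Microsoft-Windows-Security-Auditing", 4625,
     "An account failed to log on. Account Name: jdoe Source Network Address: 10.0.0.9"),
]
# Twelve failures for one account inside 44 seconds, enough to trip a ">10 in 1 minute" threshold.
SAMPLE_EVENTS += [
    (f"2024-03-04 09:01:{sec:02d}", "Security", "Microsoft-Windows-Security-Auditing", 4625,
     "An account failed to log on. Account Name: svc_backup Source Network Address: 10.0.0.5")
    for sec in range(0, 48, 4)
]


class Rule:
    """Match on source / event ID / message regex, bucket matches by an insertion string
    captured from the message (e.g. the account name), and apply an optional threshold."""

    def __init__(self, name, notify, source=None, event_id=None, message_re=None,
                 key_group=None, threshold=None, suppress=False, expires=None):
        self.name, self.notify, self.source, self.event_id = name, notify, source, event_id
        self.message_re = re.compile(message_re) if message_re else None
        self.key_group = key_group         # named regex group used as the threshold bucket
        self.threshold = threshold         # (count, seconds) or None
        self.suppress = suppress           # False: alert once count is exceeded in the interval;
                                           # True: forward the first `count` matches, drop the rest
        self.expires = expires             # datetime after which the rule is ignored
        self._window = defaultdict(deque)  # bucket key -> timestamps inside the sliding interval
        self._fired = set()                # buckets that already alerted for the current burst

    def match(self, source, event_id, message):
        """Return (True, bucket_key) on a match, (False, None) otherwise."""
        if self.source is not None and self.source != source:
            return False, None
        if self.event_id is not None and self.event_id != event_id:
            return False, None
        if self.message_re is None:
            return True, ""
        m = self.message_re.search(message)
        if not m:
            return False, None
        return True, (m.group(self.key_group) if self.key_group else "")

    def decide(self, ts, key):
        """Apply the threshold, if any; return True when the event should be dispatched."""
        if self.threshold is None:
            return True
        limit, seconds = self.threshold
        window = self._window[key]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=seconds):   # drop timestamps outside the interval
            window.popleft()
        if self.suppress:
            return len(window) <= limit
        if len(window) > limit:
            if key in self._fired:
                return False
            self._fired.add(key)
            return True
        self._fired.discard(key)   # burst is over; allow a future alert for this bucket
        return False


def evaluate(events, rules):
    """Run every rule over the events in timestamp order; return (notify, rule, key) tuples."""
    alerts = []
    for ts_str, _log, source, event_id, message in sorted(events):
        ts = parse_ts(ts_str)
        for rule in rules:
            if rule.expires is not None and ts > rule.expires:
                continue
            ok, key = rule.match(source, event_id, message)
            if ok and rule.decide(ts, key):
                alerts.append((rule.notify, rule.name, key))
    return alerts


def missing_recurring(events, source, event_id, max_gap_seconds, now):
    """Recurring-event check: True when the expected event was not logged within
    max_gap_seconds before `now`, e.g. a backup job that should report nightly."""
    seen = [parse_ts(e[0]) for e in events if e[2] == source and e[3] == event_id]
    return not seen or now - max(seen) > timedelta(seconds=max_gap_seconds)


def build_rules():
    """Fresh rule set (thresholds keep state, so build new instances per run)."""
    return [
        Rule("sql-login-failure", "dba@example.com", source="MSSQLSERVER", event_id=18456),
        Rule("service-stopped", "netadmin@example.com", source="Service Control Manager",
             event_id=7036, message_re=r"entered the stopped state"),
        # Alert once per account when more than 10 logon failures land inside 60 seconds.
        Rule("logon-failure-burst", "netadmin@example.com",
             source="Microsoft-Windows-Security-Auditing", event_id=4625,
             message_re=r"Account Name: (?P<account>\S+)", key_group="account", threshold=(10, 60)),
        # Forward at most 3 failures per account per minute to the audit database, suppress the rest.
        Rule("logon-failure-audit", "audit-db", source="Microsoft-Windows-Security-Auditing",
             event_id=4625, message_re=r"Account Name: (?P<account>\S+)", key_group="account",
             threshold=(3, 60), suppress=True),
        # Temporary maintenance-window rule whose expiry has already passed; it never fires here.
        Rule("spooler-maintenance", "ticket-queue", source="Service Control Manager",
             event_id=7036, expires=parse_ts("2024-03-04 08:00:00")),
    ]


if __name__ == "__main__":
    for notify, rule, key in evaluate(SAMPLE_EVENTS, build_rules()):
        print(f"{rule:22} -> {notify:22} {key}")
    print("backup event missing:", missing_recurring(
        SAMPLE_EVENTS, "NightlyBackup", 1001, 24 * 3600, parse_ts("2024-03-05 09:00:00")))
```

Run as-is, the script dispatches seven alerts: one SQL login failure to the DBA, one stopped service to the network administrator, a single burst alert for svc_backup once the eleventh failure arrives (the twelfth is absorbed by the burst), three svc_backup failures plus the single jdoe failure to the audit target, and nothing from the expired maintenance rule; the recurring check reports the nightly backup event as missing. Bucketing the threshold on the captured account name is what keeps one noisy account from masking, or being masked by, another.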


Event Log Consolidation

Event Log Consolidation stores all or a selected subset of event log entries in a central database (PostgreSQL 9.x, Microsoft SQL Server, MySQL and Oracle are currently supported). You can then search for events from the open-source EventSentry web reports or create custom reports. Reports can be exported into a variety of formats, including PDF, XML and CSV.