Yes. However if you change the service account used for the Collector you will not be able to reuse the existing certificate as a new one must be created when the Collector starts under a different account This will require a manual configuration update Push Configuration for your agents as they will otherwise refuse to connect to the Co...
To utilize the collector feature the following prerequisites need to be met: The collector service needs to be installed and running on at least one host on your network The collector needs to be enabled The collector needs to be configured optional At least one action needs to be configured to use the collector The configuratio...
Utilizing the collector service offers the following advantages: Communication between the collector and the agents can automatically be encrypted Communication between the collector and the agents can automatically be compressed ODBC drivers do not need to be installed on the monitored hosts The agents no longer communicate with the res...
If you go into the Windows event viewer on your EventSentry server select the Application log and look for event 117 118 119 122 or 123 from EventSentry Collector as the source. If these events exist here are the steps you can take to resolve these error events and allow the agents to connect: Event 117 This error is generated be...
This can happen if you reset your collector certificate without pushing the new configuration within 1 week or by migrating the EventSentry server to a new machine after the collector was previously used. If you reset the certificate without pushing the configuration in time or these errors were caused by a migration of your EventSentry serve...
Yes however if you change the certificate used for the Collector your agents will refuse to connect to the Collector once the certificate has changed. This will require a manual configuration update Push Configuration for your agents so that they can reconnect. You can substitute the selfsigned certificate which is automatically genera...
Since EventSentry utilizes the TLS capabilities of the OS the version of TLS being used between the collector and the agents depends both on the version of Windows the collector is running on and the version of Windows the agent is running on. By default client agent and server collector will negotiate the following TLS parameters illu...
I39m receiving the following error from the collector: Event ID: 905Source: EventSentryCategory: Collector Client The EventSentry agent is unable to establish a secure connection with any of the listed collectors:servername.domain.local5001: Could not acquire security credentials: error 0x80090331. 273 You will receive this error messa...
It is not possible to automatically loadbalance with multiple Collector hosts but you can manually distribute the load by allocating certain groups or specific hosts to a specific collector priority. Please note that the agent will use the first collector in the list unless it can39t connect or the connection gets interrupted and it can39t re...
There are several different errors that can occur. Timeout 301 or Connection Timed Out 10060 Please ensure that the agent can resolve the collector host name if an IP is not being used for the collector name. Also please ensure that the agent can access the specified port number for the collector39s IP address you can test this using ...
The maximum size of the debug log file for the collector service can be adjusted with the debuglevelmaxsize registry value. This DWORD value specifies the maximum size of each debug log file in megabytes consequently the total disk space used will be twice the size of the registry value. The default size for each debug log file is 150M...
Yes please navigate to https://www.eventsentry.com/support/documentation to download the help file and/or quickstart guide. Both documents are available in the following formats: Microsoft Help.chm Adobe PDF.pdf HTML.htm Multimedia Help.exe
Yes it is recommended that you uninstall EventSentry Light with the setup application prior to installing the trial or full version of EventSentry. You will not need to uninstall the agents service from remote machines simply use Remote Update to update the agents on the remote machines once you have installed the trial version.
If you use the builtin Postgres database you may need to optimize it: https://www.eventsentry.com/kb/232 If you use Microsoft SQL as your database you may need to optimize it: https://www.eventsentry.com/kb/35 If the recommended optimizations do not help please contact our support department for more indepth assistance. If you have a...
This error reported by Windows usually appears when Client for Microsoft Networks and/or NetBIOS are not installed on the management workstation and target machines for example when using Novell software. You will need to make sure that the Client for Microsoft Networks is installed when using remote update to install agents on remote...
The EVENTSENTRYSVC.LOG file located in the SYSTEMROOT directory usually c:\winnt or c:\windows is the debug log file of the EventSentry agent. To reduce the size of this file set the Debug Level option in Service Control to None or Low and restart the EventSentry service. The contents of this file are always cleared when the ...
It is important that filters using summary notifications are NOT configured to notify All Targets. When using summary notifications make sure that one and only one target is present in the filters Targets list of the General tab.
After making configuration changes on your management workstation you will need to use the Update Configuration feature of remote update to push the updated configuration to your remote machines. Rightclick the Computers container of the group you want to update and select Update Configuration. In the next dialog make sure that the co...
When using ODBC targets you will need to make sure that: The System DSN referenced in the ODBC target is present on all computers writing to the database. This requirement does not apply to version 2.50 and higher which also supports connection strings. Otherwise you can use AutoAdministrator to push out DSN names to remote machines. ...
Starting with EventSentry version 2.70 you can view the native event log files usually with a .evt extension with the builtin event log viewer of EventSentry. Simply rightclick the Event Log Viewer container and select Open Log File. If you are running EventSentry v2.60 or earlier then you will need to open the event log files with th...
You can be notified when a remote web site certificate is about to expire using checkurl.exe from EventSentry SysAdmin Tools. For that we are going to: 1. Install EventSentry SysAdmin tools to user checkurl.exe feature. 2. Create an User Embedded Scrip 3. Create an application schedule to run the script on certain schedule. 4. Creating ...
Yes any user with administrative privileges can view and change the EventSentry configuration. The entire EventSentry configuration is stored on a permachine basis so it doesn39t matter which user logs on to the computer where the EventSentry management application is installed. The only settings that are store on a peruser basis are th...
No restarting the EventSentry service on any machine will have no effect on other machines since the agent only works with the local event logs. The EventSentry agent does write a few events to the local machine39s Application event log upon a service restart however.
Filters are processed sequentially onebyone by the EventSentry agent. If an event matches multiple filters then every filter matching the event will send the event information to the configured target. This usually happens when more than one filter is configured to use Trigger all actions. To avoid seeing events multiple times: Co...
Some antivirus software products e.g. McAfee starting with version 8.x block and/or intercept outgoing connections to port 25. This will interfere with the EventSentry SMTP notification actions which sends emails using SMTP port 25. You will need to disable or customize the SMTP protection feature of your antivirus product to make the SMT...
