Some events that are processed by EventSentry are not formatted correctly even though they show up correctly with the built-in Windows Event Viewer. This seems to affect mostly events that are generated by Windows itself, e.g. DNS, Windows Backup, etc. Those events seem to only contain parts of the event; most strings and descriptions are miss...

KB-ID 159
Category: Event Log Monitoring
Applies to: 2.81

Most of the event logs contained under the Microsoft folder in the Applications and Services Logs section of the Event Viewer can be monitored using the Custom Event Logs feature in EventSentry. To monitor these event logs, you will need to specify the full path to the event log. You can obtain the path by viewing any event using the Win...

KB-ID 163
Category: Event Log Monitoring
Applies to: 2.90

EventSentry has the ability to email a user or users when they have been logged into a server for a set time limit. For example, a server or group of servers has an RDP connection limit and users should be reminded to log off when they are done. EventSentry can send email reminders to those users when they have been logged in for a certain am...

KB-ID 465
Category: Event Log Monitoring
Applies to: 5.x

On hosts where the computer name exceeds the NetBIOS maximum of 15 characters, some events may be logged to the event log with the truncated NetBIOS-compatible name. Since EventSentry does not modify event log entries for a variety of reasons, it is likely that you will see duplicate host names in the computer drop-down box of the event s...

KB-ID 217
Category: Event Log Monitoring

Windows generates an event ID 4688 (https://system32.eventsentry.com/security/event/4688) in the Windows Security Event Log when a process gets launched. In EventSentry, an include filter to monitor for those events needs to be created and associated with an email action so that an email alert is sent once this specific process gets started....

KB-ID 457
Category: Event Log Monitoring
Applies to: all

Filters are an essential part of EventSentry; they allow you to configure a set of actions to activate whenever an event occurs. For example, you can set up a filter to forward events to a database or, in case of emergency, send an email or SMS message to your phone. A filter can either be an include filter and forward events to a configured ac...

KB-ID 481
Category: Event Log Monitoring

A standard EventSentry event log filter will forward the configured event to the configured action every time the event occurs. Alternatively, a filter threshold will limit a filter to only perform the configured action if it meets a certain limit. AgentSide/CollectorSide: This drop-down in the general settings of the threshold ta...

KB-ID 482
Category: Event Log Monitoring

A Recurring Event filter is useful in situations where you would like to take an action when an event does not occur. A common use case for this is a successful backup job. Most backup software will write an event to the event log when it completes successfully. If this event is not generated, then we know something went wrong with the b...

KB-ID 483
Category: Event Log Monitoring

A summary event log filter allows for events to be collected over a period of time rather than sending you an alert or performing an action immediately. You can turn any Event Log filter into a summary event filter by clicking the Hour/Day tab and setting the schedule type to Summary. If an event occurs during the specified...

KB-ID 484
Category: Event Log Monitoring

An include or exclude event log filter can be created from any event log using the built-in Event Log Viewer in the EventSentry management console. This is a quick and easy way to generate event log filters that match an event, and they can then be tweaked as needed. Getting Started: First, find the event you wish to make a filter for. ...

KB-ID 485
Category: Event Log Monitoring

The initial install of EventSentry includes several default packages that match common scenarios our customers face. For example, when an error is detected on a hard disk, most administrators would like to receive an alert. However, there may be some events that are a bit more specific to your network that you would like to receive. If you are mo...

KB-ID 487
Category: Event Log Monitoring

Filter Timers give you the ability to ignore events if they are followed by a specific second event within a set time period. For example, you probably want to be notified when a server goes offline for more than 5 minutes, but it might be OK if the server comes back online after 2 minutes. Another example where a filter timer would be useful...

KB-ID 488
Category: Event Log Monitoring

Yes, please navigate to https://www.eventsentry.com/support/documentation to download the help file and/or quickstart guide. Both documents are available in the following formats: Microsoft Help (.chm), Adobe PDF (.pdf), HTML (.htm), Multimedia Help (.exe).

KB-ID 4
Category: General
Applies to: All Versions

Yes, it is recommended that you uninstall EventSentry Light with the setup application prior to installing the trial or full version of EventSentry. You will not need to uninstall the agents service from remote machines; simply use Remote Update to update the agents on the remote machines once you have installed the trial version.

KB-ID 5
Category: Installation

If you use the built-in Postgres database, you may need to optimize it: https://www.eventsentry.com/kb/232. If you use Microsoft SQL as your database, you may need to optimize it: https://www.eventsentry.com/kb/35. If the recommended optimizations do not help, please contact our support department for more in-depth assistance. If you have a...

KB-ID 6
Category: Web Reports
Applies to: All

This error reported by Windows usually appears when Client for Microsoft Networks and/or NetBIOS are not installed on the management workstation and target machines, for example when using Novell software. You will need to make sure that the Client for Microsoft Networks is installed when using remote update to install agents on remote...

KB-ID 8
Category: Installation

The EVENTSENTRYSVC.LOG file, located in the %SYSTEMROOT% directory (usually c:\winnt or c:\windows), is the debug log file of the EventSentry agent. To reduce the size of this file, set the Debug Level option in Service Control to None or Low and restart the EventSentry service. The contents of this file are always cleared when the ...

KB-ID 7
Category: General
Applies to: up to v2.43

It is important that filters using summary notifications are NOT configured to notify All Targets. When using summary notifications, make sure that one and only one target is present in the filter's Targets list of the General tab.

KB-ID 9
Category: Configuration

After making configuration changes on your management workstation, you will need to use the Update Configuration feature of remote update to push the updated configuration to your remote machines. Right-click the Computers container of the group you want to update and select Update Configuration. In the next dialog, make sure that the co...

KB-ID 10
Category: Configuration
Applies to: All Versions

When using ODBC targets, you will need to make sure that: The System DSN referenced in the ODBC target is present on all computers writing to the database. This requirement does not apply to version 2.50 and higher, which also support connection strings. Otherwise you can use AutoAdministrator to push out DSN names to remote machines. ...

KB-ID 11
Category: Notifications

Starting with EventSentry version 2.70, you can view the native event log files (usually with a .evt extension) with the built-in event log viewer of EventSentry. Simply right-click the Event Log Viewer container and select Open Log File. If you are running EventSentry v2.60 or earlier, then you will need to open the event log files with th...

KB-ID 12
Category: Usage

You can be notified when a remote web site certificate is about to expire using checkurl.exe from EventSentry SysAdmin Tools. For that we are going to: 1. Install EventSentry SysAdmin Tools to use the checkurl.exe feature. 2. Create a User Embedded Script. 3. Create an application schedule to run the script on a certain schedule. 4. Creating ...

KB-ID 431
Category: Network Monitoring
Applies to: 4.1 and later

Yes, any user with administrative privileges can view and change the EventSentry configuration. The entire EventSentry configuration is stored on a per-machine basis, so it doesn't matter which user logs on to the computer where the EventSentry management application is installed. The only settings that are stored on a per-user basis are th...

KB-ID 14
Category: Configuration

No, restarting the EventSentry service on any machine will have no effect on other machines since the agent only works with the local event logs. The EventSentry agent does write a few events to the local machine's Application event log upon a service restart, however.

KB-ID 15
Category: Usage

Filters are processed sequentially, one-by-one, by the EventSentry agent. If an event matches multiple filters, then every filter matching the event will send the event information to the configured target. This usually happens when more than one filter is configured to use Trigger all actions. To avoid seeing events multiple times: Co...

KB-ID 16
Category: Configuration
Applies to: up to 2.60