EventSentry requires the EventSentry agent to installed on running on all machines that you need to monitor. If the agent is not installed or stopped no monitoring will occur. If the EventSentry is stopped then you can either start it by opening up the Services control panel selecting the EventSentry service and starting it or you can...
It is not recommended to run the Heartbeat Agent under the LocalSystem account if you are monitoring the status of the EventSentry service agent on remote computers. This is because the LocalSystem account does not in most cases have permission to query the status of the EventSentry service. This results in Access Denied error messages ...
EventSentry secures the registry key where the EventSentry configuration is stored HKLM\Software\netikus.net\EventSentry by removing the following builtin users and groups every time the Management Console or Agent is started: Users Power Users Everyone Guest Terminal Server User from the ACL that protects the main registr...
You can configure EventSentry to connect to database servers either by using an ODBC connection string recommended or by using an ODBC System DSN. System DSN39s are generally not recommended due to resulting additional administrative overhead. If you configure an EventSentry database action with a System DSN then all computers that are runn...
EventSentry currently uses ODBC to communicate with the available database servers including MySQL. As such an ODBC driver for the selected database type needs to be installed on all hosts that are running the agent and need to consolidate information to the database. As such you will need to install the MySQL ODBC driver on all machines t...
It is not recommended that you use the supplied Access database in an EventSentry installation that includes more than one computer. Microsoft Access does not handle large quantities of data well and the remote computers running the ES Agent will need to be reconfigured so that they can access the central Access database. If you are looki...
The EventSentry registry contains the installdir value that stores the physical location where EventSentry is installed with the setup program C:\Program Files\EventSentry by default. This registry value does not affect machines that are only running the EventSentry agent. If this value is missing or wrong then you might have troubles...
The Process Tracking feature of EventSentry relies on the Operating System logging security events to the security event log indicating when processes are started and stopped. These security events are generated when Audit Process Tracking is enabled in the active security policy. Please see the additional links below for information on ...
The Logon Tracking feature of EventSentry relies on the Operating System logging security events to the security event log indicating when users log on and log off. These security events are generated when Audit Logon Events is enabled in the active security policy. Please see the additional links below for information on how to enable ...
To enable ASP support on IIS ASP support is disabled by default follow the steps below: IIS 6 Go to Start Settings Control Panel Open Add or Remove Programs Click on Add/Remove Windows Components Select Application Server and click Details Select Internet Information Services IIS and click Details Select World Wide ...
Since no database action was found in the EventSentry configuration you will not be able to consolidate any information e.g. events performance information inventory etc.. You need to setup a database action including an EventSentry database to start consolidating information. Please see the additional links below for more information.
The support utility was not able to connect to one of the configured database actions which usually indicates a connectivity problem between the host where the support utility was launched and the database server. Please try the following steps: Make sure that you have the required ODBC drivers installed. See Database ODBC Drivers for m...
Yes please navigate to https://www.eventsentry.com/support/documentation to download the help file and/or quickstart guide. Both documents are available in the following formats: Microsoft Help.chm Adobe PDF.pdf HTML.htm Multimedia Help.exe
Yes it is recommended that you uninstall EventSentry Light with the setup application prior to installing the trial or full version of EventSentry. You will not need to uninstall the agents service from remote machines simply use Remote Update to update the agents on the remote machines once you have installed the trial version.
If you use the builtin Postgres database you may need to optimize it: https://www.eventsentry.com/kb/232 If you use Microsoft SQL as your database you may need to optimize it: https://www.eventsentry.com/kb/35 If the recommended optimizations do not help please contact our support department for more indepth assistance. If you have a...
This error reported by Windows usually appears when Client for Microsoft Networks and/or NetBIOS are not installed on the management workstation and target machines for example when using Novell software. You will need to make sure that the Client for Microsoft Networks is installed when using remote update to install agents on remote...
The EVENTSENTRYSVC.LOG file located in the SYSTEMROOT directory usually c:\winnt or c:\windows is the debug log file of the EventSentry agent. To reduce the size of this file set the Debug Level option in Service Control to None or Low and restart the EventSentry service. The contents of this file are always cleared when the ...
It is important that filters using summary notifications are NOT configured to notify All Targets. When using summary notifications make sure that one and only one target is present in the filters Targets list of the General tab.
After making configuration changes on your management workstation you will need to use the Update Configuration feature of remote update to push the updated configuration to your remote machines. Rightclick the Computers container of the group you want to update and select Update Configuration. In the next dialog make sure that the co...
When using ODBC targets you will need to make sure that: The System DSN referenced in the ODBC target is present on all computers writing to the database. This requirement does not apply to version 2.50 and higher which also supports connection strings. Otherwise you can use AutoAdministrator to push out DSN names to remote machines. ...
Starting with EventSentry version 2.70 you can view the native event log files usually with a .evt extension with the builtin event log viewer of EventSentry. Simply rightclick the Event Log Viewer container and select Open Log File. If you are running EventSentry v2.60 or earlier then you will need to open the event log files with th...
You can be notified when a remote web site certificate is about to expire using checkurl.exe from EventSentry SysAdmin Tools. For that we are going to: 1. Install EventSentry SysAdmin tools to user checkurl.exe feature. 2. Create an User Embedded Scrip 3. Create an application schedule to run the script on certain schedule. 4. Creating ...
Yes any user with administrative privileges can view and change the EventSentry configuration. The entire EventSentry configuration is stored on a permachine basis so it doesn39t matter which user logs on to the computer where the EventSentry management application is installed. The only settings that are store on a peruser basis are th...
No restarting the EventSentry service on any machine will have no effect on other machines since the agent only works with the local event logs. The EventSentry agent does write a few events to the local machine39s Application event log upon a service restart however.
Filters are processed sequentially onebyone by the EventSentry agent. If an event matches multiple filters then every filter matching the event will send the event information to the configured target. This usually happens when more than one filter is configured to use Trigger all actions. To avoid seeing events multiple times: Co...
