Monitoring & Maintaining EventSentry Integrity

Article ID: 535
Category: Security
Applies to: 5.x
Updated: 2025-09-22

This article explains how to monitor and maintain the integrity of an EventSentry installation.

Services

All EventSentry service names (both the service key name and the display name) start with "EventSentry". Services set to the automatic startup type should always be running.

Binaries

Critical EventSentry binaries (*.exe, *.dll) are located in the following directories and can be monitored for modifications; these files are generally only changed when a patch or update is installed.

  • %SYSTEMROOT%\system32\eventsentry
  • C:\Program Files\EventSentry
  • C:\Program Files\EventSentry\postgresql14\bin (if installed)

Only the listed directories themselves need to be monitored, not their subdirectories.

Configuration

The EventSentry configuration is stored in the registry under HKLM\Software\netikus.net\EventSentry and the following subkeys can be monitored for changes:

HKLM\Software\netikus.net\EventSentry\ADMonitor
HKLM\Software\netikus.net\EventSentry\Arp
HKLM\Software\netikus.net\EventSentry\Authentication
HKLM\Software\netikus.net\EventSentry\EmbeddedScripts
HKLM\Software\netikus.net\EventSentry\Filtergroups
HKLM\Software\netikus.net\EventSentry\FlatFiles
HKLM\Software\netikus.net\EventSentry\NetFlow
HKLM\Software\netikus.net\EventSentry\Packages
HKLM\Software\netikus.net\EventSentry\Scripts
HKLM\Software\netikus.net\EventSentry\Snmp
HKLM\Software\netikus.net\EventSentry\Sync
HKLM\Software\netikus.net\EventSentry\Syslog
HKLM\Software\netikus.net\EventSentry\Targets

Additionally, the EventSentry management console will log the following events when the application is opened as well as when the configuration is changed:

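| Event Log   | Event Source | Event Severity | Event ID | Description                               |
|-------------|--------------|----------------|----------|-------------------------------------------|
| Application | EventSentry  | Information    | 1150     | EventSentry management console launched   |
| Application | EventSentry  | Information    | 1152     | EventSentry configuration changed & saved |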

EventSentry Management Console Launched

EventSentry Configuration Saved

Web Reports

The configuration for the EventSentry Web Reports is stored in C:\Program Files\EventSentry\WebReports\conf by default, and the following files can be monitored:

  • configuration.xml
  • jobs.xml
  • reports.xml
  • users.xml

These files should only change if jobs/reports/users are added or removed, or when the configuration of the web reports is changed.
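
The following PowerShell script is an added example, not part of the original article or of EventSentry itself. It records SHA-256 hashes of the binaries and Web Reports configuration files listed above, reports drift against that baseline, lists automatic-start EventSentry services that are not running, and pulls events 1150 and 1152 from the last 24 hours. The baseline path and the 24-hour window are assumptions.

```powershell
# Added example, not vendor code. $BaselinePath is a hypothetical location.
param([switch]$CreateBaseline,
      [string]$BaselinePath = 'C:\SecBaseline\eventsentry-hashes.csv')

$binDirs   = "$env:SystemRoot\system32\eventsentry",
             'C:\Program Files\EventSentry',
             'C:\Program Files\EventSentry\postgresql14\bin'  # skipped if absent
$confDir   = 'C:\Program Files\EventSentry\WebReports\conf'   # default location
$confFiles = 'configuration.xml', 'jobs.xml', 'reports.xml', 'users.xml'

function Get-CurrentHashes {
    # Binaries: top level of each listed directory only (no -Recurse).
    $files = @(foreach ($d in $binDirs) {
        if (Test-Path -LiteralPath $d) {
            Get-ChildItem -LiteralPath $d -File |
                Where-Object { $_.Extension -in '.exe', '.dll' }
        }
    })
    # Web Reports configuration files.
    $files += @(foreach ($f in $confFiles) {
        $p = Join-Path $confDir $f
        if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p }
    })
    $files | Get-FileHash -Algorithm SHA256 | Select-Object Path, Hash
}

if ($CreateBaseline) {
    # Run once after installation and again after each approved patch or update.
    Get-CurrentHashes | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
    return
}

# '<=' = baseline entry missing or changed, '=>' = new or changed file on disk.
$fileDrift = Compare-Object (Import-Csv -LiteralPath $BaselinePath) (Get-CurrentHashes) -Property Path, Hash

# Automatic-start services named EventSentry* that are not running.
$stopped = Get-CimInstance Win32_Service -Filter "Name LIKE 'EventSentry%' AND StartMode = 'Auto' AND State <> 'Running'"

# Console launches (1150) and configuration saves (1152) in the last 24 hours.
$consoleEvents = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'EventSentry'
    Id = 1150, 1152; StartTime = (Get-Date).AddDays(-1) }

$fileDrift     | Format-Table SideIndicator, Hash, Path -AutoSize
$stopped       | Format-Table Name, DisplayName, State -AutoSize
$consoleEvents | Format-Table TimeCreated, Id, Message -AutoSize -Wrap
```

Run it once with -CreateBaseline from an elevated prompt, then without the switch on a schedule; a changed hash with no matching patch, or a 1152 event with no matching change request, is the signal to investigate.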


