Knowledge Base


Yes. To run the EventSentry Collector Service as a nonprivileged account such as NETWORK SERVICE follow the steps below: Navigate to SYSTEMROOT\system32\eventsentry and give the account FULL CONTROL to that directory. 64bit Windows: Open regedit and give the NETWORK SERVICE account FULL CONTROL to the HKEYLOCALMACH...

KB-ID 290
Category: Collector Service
Applies to: 3.2

To utilize the collector feature the following prerequisites need to be met: The collector service needs to be installed and running on at least one host on your network The collector needs to be enabled The collector needs to be configured optional At least one action needs to be configured to use the collector The configuratio...

KB-ID 295
Category: Collector Service
Applies to: 3.2 and later

Utilizing the collector service offers the following advantages: Communication between the collector and the agents can automatically be encrypted Communication between the collector and the agents can automatically be compressed ODBC drivers do not need to be installed on the monitored hosts The agents no longer communicate with the res...

KB-ID 296
Category: Collector Service
Applies to: 3.2 and later

If you go into the Windows event viewer on your EventSentry server select the Application log and look for event 117 118 or 119 from EventSentry Collector as the source. If these events exist here are the steps you can take to resolve these error events and allow the agents to connect: Event 117 This error is generated because the ...

KB-ID 307
Category: Collector Service
Applies to: 3.2 and newer

This can happen if you reset your collector certificate without pushing the new configuration within 1 week or by migrating the EventSentry server to a new machine after the collector was previously used. You can fix this by clicking Reset Certificate in the collector settings and pushing the new configuration to all of your agents and then re...

KB-ID 308
Category: Collector Service
Applies to: 3.2 and newer

Yes you can substitute the selfsigned certificate which is automatically generated by the collector by following the steps below. You will need to provide a passwordprotected PKCS12 archive file with a .PFX extenstion. Download the PSEXEC utility from the SysInternals suite and copy it to the machine where the EventSentry Collector serv...

KB-ID 328
Category: Collector Service
Applies to: 3.2 and higher

Since EventSentry utilizes the TLS capabilities of the OS the version of TLS being used between the collector and the agents depends both on the version of Windows the collector is running on and the version of Windows the agent is running on. By default client agent and server collector will negotiate the following TLS parameters illu...

KB-ID 335
Category: Collector Service
Applies to: 3.2 and higher

I39m receiving the following error from the collector: Event ID: 905Source: EventSentryCategory: Collector Client The EventSentry agent is unable to establish a secure connection with any of the listed collectors:servername.domain.local5001: Could not acquire security credentials: error 0x80090331. 273 You will receive this error messa...

KB-ID 336
Category: Collector Service
Applies to: 3.2 or newer

It is not possible to automatically loadbalance with multiple Collector hosts but you can manually distribute the load by allocating certain groups or specific hosts to a specific collector priority. Please note that the agent will use the first collector in the list unless it can39t connect or the connection gets interrupted and it can39t re...

KB-ID 342
Category: Collector Service
Applies to: 3.3 and later

There are several different errors that can occur. Timeout 301 Please ensure that the agent can resolve the collector name if an IP is not being used for the collector name. Also please ensure that the agent can access the specified port number for the collector39s IP address you can test this using Telnet Client in Windows. Disconnect...

KB-ID 348
Category: Collector Service
Applies to: 3.2 and newer