Knowledge Base




Yes. However if you change the service account used for the Collector you will not be able to reuse the existing certificate as a new one must be created when the Collector starts under a different account This will require a manual configuration update Push Configuration for your agents as they will otherwise refuse to connect to the Co...

KB-ID 290
Category: Collector Service
Applies to: 3.2 and newer

To utilize the collector feature the following prerequisites need to be met: The collector service needs to be installed and running on at least one host on your network The collector needs to be enabled The collector needs to be configured optional At least one action needs to be configured to use the collector The configuratio...

KB-ID 295
Category: Collector Service
Applies to: 3.2 and later

Utilizing the collector service offers the following advantages: Communication between the collector and the agents can automatically be encrypted Communication between the collector and the agents can automatically be compressed ODBC drivers do not need to be installed on the monitored hosts The agents no longer communicate with the res...

KB-ID 296
Category: Collector Service
Applies to: 3.2 and later

If you go into the Windows event viewer on your EventSentry server select the Application log and look for event 117 118 or 119 from EventSentry Collector as the source. If these events exist here are the steps you can take to resolve these error events and allow the agents to connect: Event 117 This error is generated because the ...

KB-ID 307
Category: Collector Service
Applies to: 3.2 and newer

This can happen if you reset your collector certificate without pushing the new configuration within 1 week or by migrating the EventSentry server to a new machine after the collector was previously used. You can fix this by clicking Reset Certificate in the collector settings and pushing the new configuration to all of your agents and then re...

KB-ID 308
Category: Collector Service
Applies to: 3.2 and newer

Yes however if you change the certificate used for the Collector your agents will refuse to connect to the Collector once the certificate has changed. This will require a manual configuration update Push Configuration for your agents so that they can reconnect. You can substitute the selfsigned certificate which is automatically genera...

KB-ID 328
Category: Collector Service
Applies to: 3.2 and higher

Since EventSentry utilizes the TLS capabilities of the OS the version of TLS being used between the collector and the agents depends both on the version of Windows the collector is running on and the version of Windows the agent is running on. By default client agent and server collector will negotiate the following TLS parameters illu...

KB-ID 335
Category: Collector Service
Applies to: 3.2 and higher

I39m receiving the following error from the collector: Event ID: 905Source: EventSentryCategory: Collector Client The EventSentry agent is unable to establish a secure connection with any of the listed collectors:servername.domain.local5001: Could not acquire security credentials: error 0x80090331. 273 You will receive this error messa...

KB-ID 336
Category: Collector Service
Applies to: 3.2 or newer

It is not possible to automatically loadbalance with multiple Collector hosts but you can manually distribute the load by allocating certain groups or specific hosts to a specific collector priority. Please note that the agent will use the first collector in the list unless it can39t connect or the connection gets interrupted and it can39t re...

KB-ID 342
Category: Collector Service
Applies to: 3.3 and later

There are several different errors that can occur. Timeout 301 Please ensure that the agent can resolve the collector name if an IP is not being used for the collector name. Also please ensure that the agent can access the specified port number for the collector39s IP address you can test this using Telnet Client in Windows. Disconnect...

KB-ID 348
Category: Collector Service
Applies to: 3.2 and newer

The maximum size of the debug log file for the collector service can be adjusted with the debuglevelmaxsize registry value. This DWORD value specifies the maximum size of each debug log file in megabytes consequently the total disk space used will be twice the size of the registry value. The default size for each debug log file is 150M...

KB-ID 388
Category: Collector Service
Applies to: 4.0.1 and higher

Yes please navigate to https://www.eventsentry.com/support/documentation to download the help file and/or quickstart guide. Both documents are available in the following formats: Microsoft Help.chm Adobe PDF.pdf HTML.htm Multimedia Help.exe

KB-ID 4
Category: General
Applies to: All Versions

Yes it is recommended that you uninstall EventSentry Light with the setup application prior to installing the trial or full version of EventSentry. You will not need to uninstall the agents service from remote machines simply use Remote Update to update the agents on the remote machines once you have installed the trial version.

KB-ID 5
Category: Installation

If you use the builtin Postgres database you may need to optimize it: https://www.eventsentry.com/kb/232 If you use Microsoft SQL as your database you may need to optimize it: https://www.eventsentry.com/kb/35 If the recommended optimizations do not help please contact our support department for more indepth assistance. If you have a...

KB-ID 6
Category: Web Reports
Applies to: All

This error reported by Windows usually appears when Client for Microsoft Networks and/or NetBIOS are not installed on the management workstation and target machines for example when using Novell software. You will need to make sure that the Client for Microsoft Networks is installed when using remote update to install agents on remote...

KB-ID 8
Category: Installation

The EVENTSENTRYSVC.LOG file located in the SYSTEMROOT directory usually c:\winnt or c:\windows is the debug log file of the EventSentry agent. To reduce the size of this file set the Debug Level option in Service Control to None or Low and restart the EventSentry service. The contents of this file are always cleared when the ...

KB-ID 7
Category: General
Applies to: up to v2.43

It is important that filters using summary notifications are NOT configured to notify All Targets. When using summary notifications make sure that one and only one target is present in the filters Targets list of the General tab.

KB-ID 9
Category: Configuration

After making configuration changes on your management workstation you will need to use the Update Configuration feature of remote update to push the updated configuration to your remote machines. Rightclick the Computers container of the group you want to update and select Update Configuration. In the next dialog make sure that the co...

KB-ID 10
Category: Configuration
Applies to: All Versions

When using ODBC targets you will need to make sure that: The System DSN referenced in the ODBC target is present on all computers writing to the database. This requirement does not apply to version 2.50 and higher which also supports connection strings. Otherwise you can use AutoAdministrator to push out DSN names to remote machines. ...

KB-ID 11
Category: Notifications

Starting with EventSentry version 2.70 you can view the native event log files usually with a .evt extension with the builtin event log viewer of EventSentry. Simply rightclick the Event Log Viewer container and select Open Log File. If you are running EventSentry v2.60 or earlier then you will need to open the event log files with th...

KB-ID 12
Category: Usage

You can export and thus backup the EventSentry configuration by selecting Export from the Home menu of the EventSentry management application. This will save the entire configuration from the registry in a .reg file. Once EventSentry is installed using the wizard on the alternate server you can select Home Import from within th...

KB-ID 13
Category: Configuration
Applies to: All Versions

You can be notified when a remote web site certificate is about to expire using checkurl.exe from EventSentry SysAdmin Tools. For that we are going to: 1. Install EventSentry SysAdmin tools to user checkurl.exe feature. 2. Create an User Embedded Scrip 3. Create an application schedule to run the script on certain schedule. 4. Creating ...

KB-ID 431
Category: Network Monitoring
Applies to: 4.1 and later

Yes any user with administrative privileges can view and change the EventSentry configuration. The entire EventSentry configuration is stored on a permachine basis so it doesn39t matter which user logs on to the computer where the EventSentry management application is installed. The only settings that are store on a peruser basis are th...

KB-ID 14
Category: Configuration

No restarting the EventSentry service on any machine will have no effect on other machines since the agent only works with the local event logs. The EventSentry agent does write a few events to the local machine39s Application event log upon a service restart however.

KB-ID 15
Category: Usage

Filters are processed sequentially onebyone by the EventSentry agent. If an event matches multiple filters then every filter matching the event will send the event information to the configured target. This usually happens when more than one filter is configured to use All Targets. To avoid seeing events multiple times: Configure ...

KB-ID 16
Category: Configuration
Applies to: up to 2.60