Knowledge Base




video 3 Under 'Tools > Embedded Scripts' click 'New' and then label this 'expiringcerts.ps1' and in the 'Script Content' box add (PowerShell):
sl cert:
$MaxDays = 30
Get-ChildItem -Recurse | where { $_.notafter -le (get-date).AddDays($MaxDays) -AND $_.notafter -gt (get-date).adddays(-365) } | select NotAfter, subject, Is...

KB-ID 395
Category: Monitoring

In the management console under 'Tools > Embedded Scripts' click 'New' and give the script a descriptive name, e.g. 'scriptname.ps1', and in the 'Script Content' box add your script. In the 'Interpreter field' select 'powershell.exe -inputformat none -file' from the dropdown and click 'OK'. Under 'System Health Packages' create ...

KB-ID 396
Category: Application Scheduler
Applies to: 3.5 and later

For any Process action or Application Scheduler object in EventSentry, you can use a non-embedded script by providing the full path to the script file, i.e. C:\Batch\powershellscript.ps1. In many cases it is, however, easier to utilize the embedded scripts functionality. This allows you to embed scripts of any kind, command-line scripts...

KB-ID 398
Category: Scripts
Applies to: 3.5 and later

We can monitor bandwidth, jitter, latency and packet loss using performance monitoring by monitoring the output of an executable. The command line (CLI) can be found here: Speedtest CLI (https://bintray.com/ookla/download/downloadfilefilepath=ooklaspeedtest1.0.0win64.zip). Download the above tool and, for the purposes of this How-to, we...

KB-ID 411
Category: Usage
Applies to: 4.1

Emotet (https://en.wikipedia.org/wiki/Emotet) is dangerous malware that has been infecting networks since 2016, causing serious damage to organizations. The team of JPCERT (https://www.jpcert.or.jp/english/) created Emocheck (https://github.com/JPCERTCC/EmoCheck/releases), a command line utility that detects running Emotet processes. This a...

KB-ID 414
Category: Security

Utilman.exe is the utility program that is launched when the Ease of Access button on the login screen is clicked. At the time of writing it is still vulnerable to being replaced by cmd.exe, allowing an attacker to simply reset any user password, since the tool is executed with admin rights. Info: https://4sysops.com/archives/resetawindows1...

KB-ID 433
Category: Security
Applies to: 3.5 and later

Yes, please navigate to https://www.eventsentry.com/support/documentation to download the help file and/or quickstart guide. Both documents are available in the following formats: Microsoft Help (.chm), Adobe PDF (.pdf), HTML (.htm), Multimedia Help (.exe).

KB-ID 4
Category: General
Applies to: All Versions

Yes, it is recommended that you uninstall EventSentry Light with the setup application prior to installing the trial or full version of EventSentry. You will not need to uninstall the agents service from remote machines; simply use Remote Update to update the agents on the remote machines once you have installed the trial version.

KB-ID 5
Category: Installation

If you use the built-in Postgres database, you may need to optimize it (https://www.eventsentry.com/kb/232). If you use Microsoft SQL as your database, you may need to optimize it (https://www.eventsentry.com/kb/35). If the recommended optimizations do not help, please contact our support department for more in-depth assistance. If you have a...

KB-ID 6
Category: Web Reports
Applies to: All

This error, reported by Windows, usually appears when Client for Microsoft Networks and/or NetBIOS are not installed on the management workstation and target machines (for example when using Novell software). You will need to make sure that the Client for Microsoft Networks is installed when using remote update to install agents on remote...

KB-ID 8
Category: Installation

The EVENTSENTRYSVC.LOG file, located in the %SYSTEMROOT% directory (usually c:\winnt or c:\windows), is the debug log file of the EventSentry agent. To reduce the size of this file, set the Debug Level option in Service Control to None or Low and restart the EventSentry service. The contents of this file are always cleared when the ...

KB-ID 7
Category: General
Applies to: up to v2.43

It is important that filters using summary notifications are NOT configured to notify All Targets. When using summary notifications, make sure that one (and only one) target is present in the filter's Targets list of the General tab.

KB-ID 9
Category: Configuration

After making configuration changes on your management workstation, you will need to use the Update Configuration feature of remote update to push the updated configuration to your remote machines. Right-click the Computers container of the group you want to update and select Update Configuration. In the next dialog make sure that the co...

KB-ID 10
Category: Configuration
Applies to: All Versions

When using ODBC targets, you will need to make sure that: The System DSN referenced in the ODBC target is present on all computers writing to the database. This requirement does not apply to version 2.50 and higher, which also supports connection strings. Otherwise you can use AutoAdministrator to push out DSN names to remote machines. ...

KB-ID 11
Category: Notifications

Starting with EventSentry version 2.70, you can view the native event log files (usually with a .evt extension) with the built-in event log viewer of EventSentry. Simply right-click the Event Log Viewer container and select Open Log File. If you are running EventSentry v2.60 or earlier, then you will need to open the event log files with th...

KB-ID 12
Category: Usage

You can export (and thus back up) the EventSentry configuration by selecting Export from the Home menu of the EventSentry management application. This will save the entire configuration from the registry in a .reg file. Once EventSentry is installed using the wizard on the alternate server, you can select Home > Import from within th...

KB-ID 13
Category: Configuration
Applies to: All Versions

You can be notified when a remote web site certificate is about to expire using checkurl.exe from EventSentry SysAdmin Tools. For that we are going to: 1. Install EventSentry SysAdmin Tools to use the checkurl.exe feature. 2. Create a User Embedded Script. 3. Create an application schedule to run the script on a certain schedule. 4. Creating ...

KB-ID 431
Category: Network Monitoring
Applies to: 4.1 and later

Yes, any user with administrative privileges can view and change the EventSentry configuration. The entire EventSentry configuration is stored on a per-machine basis, so it doesn't matter which user logs on to the computer where the EventSentry management application is installed. The only settings that are stored on a per-user basis are th...

KB-ID 14
Category: Configuration

No, restarting the EventSentry service on any machine will have no effect on other machines, since the agent only works with the local event logs. The EventSentry agent does write a few events to the local machine's Application event log upon a service restart, however.

KB-ID 15
Category: Usage

Filters are processed sequentially (one-by-one) by the EventSentry agent. If an event matches multiple filters, then every filter matching the event will send the event information to the configured target. This usually happens when more than one filter is configured to use All Targets. To avoid seeing events multiple times: Configure ...

KB-ID 16
Category: Configuration
Applies to: up to 2.60

Some antivirus software products (e.g. McAfee starting with version 8.x) block and/or intercept outgoing connections to port 25. This will interfere with the EventSentry SMTP notification target, which sends emails using SMTP (port 25). You will need to disable or customize the SMTP protection feature of your antivirus product to make the SMTP...

KB-ID 17
Category: Notifications

You will need to take additional configuration steps when configuring EventSentry to access resources located on a different computer. By default the EventSentry agent (=service) runs under the LocalSystem account. This is a built-in system account that has administrative permissions on the local host but usually has no permissions on remote ...

KB-ID 18
Category: Usage

This is usually a permissions issue, since the EventSentry agent is running under the LocalSystem account by default. Please click the help link below (DOCID 18) for more information.

KB-ID 20
Category: Notifications

This is usually a permissions issue, since the EventSentry agent is running under the LocalSystem account by default. Please click the help link below (DOCID 18) for more information.

KB-ID 19
Category: Notifications

This is usually a permissions issue. When backing up the logs, the EventSentry agent is running under the LocalSystem account by default, and you might have to take additional steps in order for the backup to work. If you are only backing up the event logs, then please click the help link below (DOCID 18) for more information. If you are ba...

KB-ID 21
Category: Usage