With the current low prices for servers and the need for processing power, even a small company may end up with quite a few of them. If ten years ago it was still common to see an entire company using just one server, these days that's no longer the case.
New computers are added to the network with the understanding that the admins will take care of them. Keeping an eye on these servers is a tedious, time-consuming process. Even at 5 minutes per server (to check the logs and a few other parameters), it can take an hour to make sure that everything is OK and no "red lights" are blinking on any of them.
Yet, what admin has an hour every day to ensure "due care"? In real life, the admins check a server only when something already appears to be wrong with it. Ideally, the admins would be notified every time errors or warnings are recorded in the server logs. Various monitoring solutions are available on the market, some quite complex, but many try to do too much or report the wrong things. A PDF file with pie charts showing the distribution of events per server is pretty much useless. The cost of such a solution can also become an issue, even for bigger companies, and it adds yet another burden to the administrators' shoulders. Event log monitoring solutions such as ManageEngine, GFI EventsManager, Nagios, TNT, Splunk and many others can easily end up costing thousands of dollars up front plus yearly maintenance. They have many bells and whistles, yet in the end only one thing is required: notify the admins about issues recorded in the event log and help them with the troubleshooting process.
EvLog 3.0 has been developed and improved over many years so that collecting and reporting event log entries takes minimal effort and resources. Every morning we get an email from the monitored computers listing the events that matched the configured filters.
With a quick glance, we can tell whether something out of the ordinary happened. For each event in the report, troubleshooting information is just one click away, via links to www.eventid.net. If enabled, Evvy, the AI component built into EvLog, adds a comment to each event, such as "First time recorded!" to indicate that an event with this ID and source has never been seen on that server before.
Once the software is installed and the analysis parameters (filters, report format, email details, etc.) are set, the "main" configuration file can be copied to all servers, so the configuration work is minimal.
For servers that require close to real-time monitoring, EvLog can be set up with a separate configuration file and scheduled to parse the event logs at 5-minute intervals, sending a notification whenever events matching the configured filter (e.g. errors) are recorded. This can run in parallel with the daily report.
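The two checks described above (a filtered poll of the event logs on a short schedule, and flagging events that have never been recorded on the host before) can be reproduced with built-in Windows tooling. The script below is an added example, not EvLog's or eventid.net's code: it reads the System and Application logs for Critical/Error events from the last 5 minutes, marks any provider/event-ID pair not present in a baseline file as "First time recorded!", and emails or prints a summary. The baseline path, SMTP settings and the query-string form of the eventid.net lookup link are assumptions; check the site for its current link format.

```powershell
# Added example (not EvLog's code): poll the Windows event logs for recent
# errors, flag event IDs never seen before on this host, and build a report.
# Assumptions: the baseline file path, the eventid.net query-string link format
# and the SMTP settings are placeholders; adjust them for your environment.
#
# Schedule every 5 minutes (as an account allowed to read the logs):
#   schtasks /Create /SC MINUTE /MO 5 /TN "EvLog-Poll" /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Tools\Check-RecentErrors.ps1"

param(
    [string[]]$LogName     = @('System', 'Application'),
    [int]$Minutes          = 5,
    [int[]]$Level          = @(1, 2),                   # 1 = Critical, 2 = Error (add 3 for Warning)
    [string]$BaselinePath  = 'C:\Tools\evlog-seen.txt', # assumed location of the "already seen" list
    [string]$SmtpServer    = '',                        # empty = print the report instead of mailing it
    [string]$MailTo        = 'admins@example.com',
    [string]$MailFrom      = "evlog@$env:COMPUTERNAME"
)

# Load the set of "Provider:EventId" keys already recorded on this host.
$seen = [System.Collections.Generic.HashSet[string]]::new()
if (Test-Path $BaselinePath) {
    Get-Content $BaselinePath | Where-Object { $_ } | ForEach-Object { [void]$seen.Add($_) }
}

# Only events newer than the poll window. SilentlyContinue because Get-WinEvent
# raises an error when nothing matches, which is the normal quiet case.
$since  = (Get-Date).AddMinutes(-$Minutes)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $LogName
    Level     = $Level
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) { return }   # nothing to report this interval

$lines = foreach ($e in $events | Sort-Object TimeCreated) {
    $key  = '{0}:{1}' -f $e.ProviderName, $e.Id
    # HashSet.Add returns $true only when the key was not already present.
    $note = if ($seen.Add($key)) { ' [First time recorded!]' } else { '' }
    # Assumed lookup URL pattern; verify against www.eventid.net before relying on it.
    $link = 'https://www.eventid.net/display.asp?eventid={0}&source={1}' -f $e.Id, [uri]::EscapeDataString([string]$e.ProviderName)
    $msg  = ([string]$e.Message -split "`r?`n")[0]    # first line of the message only
    '{0:yyyy-MM-dd HH:mm:ss} {1,-8} {2} {3}/{4}{5}' -f $e.TimeCreated, $e.LevelDisplayName, $e.LogName, $e.ProviderName, $e.Id, $note
    "    $msg"
    "    $link"
}

# Persist the updated baseline so "first time" really means first time.
$seen | Sort-Object | Set-Content -Path $BaselinePath -Encoding UTF8

$subject = '{0}: {1} critical/error event(s) in the last {2} min' -f $env:COMPUTERNAME, @($events).Count, $Minutes
$body    = $lines -join "`n"

if ($SmtpServer) {
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo -Subject $subject -Body $body
} else {
    Write-Output $subject
    Write-Output $body
}
```

Run it once by hand with an empty `$SmtpServer` to see the report on the console before scheduling it; on the first run every event is "first time", which is why the baseline is written back at the end of each poll. The scheduled task and the poll window should use the same interval, otherwise events either get reported twice or slip through between polls.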
For those who want to archive the event logs for various purposes, EvLog can back up the events in text format (or forward them to a syslog server) and then clear the logs. Regulations such as SOX (the Sarbanes-Oxley Act) require 7-year retention of security/audit logs. Text-based logs are highly compressible, so many years' worth of logs can be stored without requiring terabytes of storage space.
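The archive-and-clear cycle above is where a careless implementation loses data: exporting a log and then clearing it as two separate steps drops any event written in between. The script below is an added example, not EvLog's code. It uses wevtutil's clear-with-backup option so the backup and the clear happen in one operation, renders the backup to tab-separated text, optionally forwards each line to a syslog server over UDP (a minimal RFC 3164 datagram; the facility and severity values are assumptions), compresses the text for retention, and removes the intermediate files. The archive folder and syslog host are placeholders.

```powershell
# Added example (not EvLog's code): back up the classic event logs to text,
# forward the lines to syslog, compress the text for retention, clear the live log.
# Assumptions: archive folder, syslog host/port, and syslog facility/severity
# are placeholders for your environment. Requires an elevated prompt.

param(
    [string[]]$LogName    = @('Security', 'System', 'Application'),
    [string]$ArchiveDir   = 'C:\LogArchive',   # assumed retention location
    [string]$SyslogServer = '',                # empty = skip forwarding
    [int]$SyslogPort      = 514
)

function Send-SyslogLine {
    # Minimal RFC 3164 datagram: <PRI>Mmm dd HH:mm:ss HOST TAG: MSG
    # PRI = facility*8 + severity; 1 = user, 6 = informational (assumed values).
    param([string]$Server, [int]$Port, [string]$Text, [int]$Facility = 1, [int]$Severity = 6)
    $now   = Get-Date
    $stamp = '{0} {1,2} {2:HH:mm:ss}' -f $now.ToString('MMM', [cultureinfo]::InvariantCulture), $now.Day, $now
    $bytes = [System.Text.Encoding]::UTF8.GetBytes("<$($Facility * 8 + $Severity)>$stamp $env:COMPUTERNAME evlog: $Text")
    $udp = New-Object System.Net.Sockets.UdpClient
    try { $udp.Connect($Server, $Port); [void]$udp.Send($bytes, $bytes.Length) } finally { $udp.Close() }
}

New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$runStamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($log in $LogName) {
    $base = Join-Path $ArchiveDir ('{0}-{1}-{2}' -f $env:COMPUTERNAME, $log, $runStamp)
    $evtx = "$base.evtx"
    $txt  = "$base.txt"

    # Back up and clear in one wevtutil operation, instead of an export followed by
    # Clear-EventLog, so events arriving between the two steps are not lost.
    # Clearing the Security log itself records event 1102 in the new, empty log.
    & wevtutil.exe cl $log /bu:"$evtx"
    if ($LASTEXITCODE -ne 0) { Write-Warning "wevtutil failed for $log (exit $LASTEXITCODE)"; continue }

    # Render the saved binary log as one tab-separated text line per event.
    $records = Get-WinEvent -Path $evtx -ErrorAction SilentlyContinue | Sort-Object TimeCreated
    $lines = @(foreach ($e in $records) {
        $msg = (([string]$e.Message -split "`r?`n") -join ' ') -replace "`t", ' '
        @(('{0:o}' -f $e.TimeCreated), $log, $e.ProviderName, $e.Id, $e.LevelDisplayName, $msg) -join "`t"
    })
    Set-Content -Path $txt -Value $lines -Encoding UTF8

    if ($SyslogServer) {
        foreach ($l in $lines) { Send-SyslogLine -Server $SyslogServer -Port $SyslogPort -Text $l }
    }

    # Text compresses far better than .evtx; keep only the zip for long-term retention.
    Compress-Archive -Path $txt -DestinationPath "$base.zip" -CompressionLevel Optimal
    Remove-Item $txt, $evtx
    Write-Output ('{0}: {1} event(s) archived to {2}.zip' -f $log, $lines.Count, $base)
}
```

UDP syslog is fire-and-forget and unencrypted; for audit logs that must survive 7 years, treat the forwarded copy as a convenience and the compressed archive (stored off-box, ideally on write-once or access-controlled storage) as the record of retention. Verify the zip opens and the line count matches before relying on it, since the live log has already been cleared by then.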
A single www.eventid.net subscription provides EvLog licenses for an unlimited number of servers for as long as the subscription is valid. A $49/year corporate subscription not only provides the software to monitor all the servers but also full access to the content provided by www.eventid.net.
Download EvLog today and try it for 30 days with the full features enabled!
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.