The WhatsUp Log Management Solution is a collection of Windows Event Log (EVT and EVTX) and Syslog file archiving, viewing, reporting, monitoring and alerting tools. The suite comprises Event Archiver for long-term archiving of events, Event Alarm for real-time monitoring and alerting of events, Event Analyst for event reporting and Event Rover for advanced event viewing. The products can be used together, forming the WhatsUp Log Management Suite, or individually.
Event Analyst makes it easy to analyse your event log stores. You can sort through log file data down to a specific event or view, filter, export and report on those events of interest to you. Event Analyst comes with standard reports you can use for general event log information and compliance reporting and supports creation of custom reports on any set of filtered entries. Reports can be scheduled to be emailed automatically or you can manually share them with management and auditors in printer friendly HTML formats. Works directly with WhatsUp Event Archiver and WhatsUp Event Alarm or can be used as a standalone solution.
- Includes 100+ predefined filters
- Use advanced event filtering based on past date ranges, event ID or computer look up
- Jump to specific dates, sift through logs or scroll them chronologically
- Correlate and analyse events and event descriptions across multiple log files at once
- Tracking of successful and failed attempts by users to access objects and automated event correlation with related file or folder deletion activity
- Supports a range of compliance initiatives including Sarbanes-Oxley, HIPAA, FISMA, PCI, MiFID, Gramm-Leach-Bliley and more
- Includes LogRefiner technology to normalise and report on EVT (XP/2003) and EVTX (Vista or later) log files
- Easy-to-use custom report designer
- Quick access to scheduled reports and past report distribution history
- Easy export of pre-built report titles and information on what they target
- Licensed per server and/or workstation from which logs are being analysed.
Event Archiver provides client-less technology that automatically collects your Windows log data from across your organisation and can work with both EVT and EVTX files side-by-side in one console. It works across Windows systems from Windows NT to Windows 7 and can automatically back up and clear Windows system event log files on remote systems as required.
- Enables scheduled collection of Windows and W3C/IIS logs into one console
- Works with remote and hosted agent data collection architectures - can work with remotely collected log data through an included log importer
- Supports all Windows versions from NT, 2000, XP, 2003, Vista, 2008 and Windows 7
- Allows 'leave a copy' collection of active log data on the server or can automatically back up/clear event logs on a remote system
- Automatically transfers log files beyond a specified file size to a working directory for local processing to optimise bandwidth and processing costs
- Enables storing of collected Windows log data to a centralised data store
- Works with your existing Microsoft Access or Microsoft SQL databases
- Protects archived files from tampering via cryptographic hashing
- Licensed per server and/or workstation from which logs are being archived.
Event Alarm constantly watches event log files (EVT, EVTX, W3C, Syslog) and can immediately alert you when a specific event happens anywhere in the network. Event Alarm supports multiple forms of alerts including email alerts, network pop-ups, pager calls, Syslog server forwarding and more. It also comes with over 100 standard alerts which you can immediately set up to watch your network.
- Real time monitoring of Windows Event logs - monitor application, system, security, DNS, directory, file replication services and more on anything from Windows NT to Windows 7
- Real time monitoring of Syslog messages from other Unix/Linux systems, routers, switches and firewalls, storing them in the Application Log for centralised collection and alerting
- Real time monitoring of W3C logs to give you visibility across your Web Servers, Load Balancers, Firewalls, Proxy Servers or Content Security appliances
- Supports remote or agent-based monitoring
- Immediately identify key events such as access and permission changes to Files, Folders, and Objects containing financial, customer or compliance data
- Intelligent flood control feature limits repeat notifications from the same set of alarms and allows administrators to routinely ignore some event types from alarming
- Supports multiple notification options including email, network popup, pager, Syslog forwarding, and broadcast messages
- Completely configurable alarm notification settings based on time of day and day of week
- Supports custom thresholds - e.g. only run an alarm if an event occurs X times
- Licensing is based on the number of servers and/or workstations from which logs are being generated for monitoring.
Event Rover provides an event log viewer for quick forensics and log file review. The innovative new way to view and mine event logs from specific machines provides powerful sorting mechanisms and can significantly reduce the time spent hunting for an individual event log. You can run basic reports out-of-the-box, use both EVT and EVTX event log formats and have peace of mind that you will not be affecting the integrity of a system's master log files, and much more.
- Review log events from both EVT and EVTX files
- Sort event log data into trees based on event log fields and dynamically resort this data on the fly
- Export to CSV and HTML report formats, with the ability to add comments to HTML reports
- Filter log data by date or other log fields
- Create friendly descriptions for common event identifier numbers
- Save frequently used filters to a local database and locally cache event log files for enhanced performance
- Perform NTFS compression of the local event logs database to maximise storage
- Licensing is based on the number of servers and/or workstations generating logs to be viewed or mined.
Log Management Suite
This is the complete suite of Event Log Management products including Event Analyst, Event Archiver, Event Alarm and Event Rover.