Year: 2003

What is the difference between SETP and Syslog?

Created by Wajih-ur-Rehman. What is the difference between SETP and Syslog, and what advantages does SETP offer over Syslog? Following are some of the points related to traditional Syslog: It's a UDP-based protocol. It doesn't provide any guarantees of message delivery. It doesn't parse the data, so most of the fields of the MonitorWare Database […]
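To make concrete what "doesn't parse the data" means for a receiver, here is an added example; it is not part of this article and not code from the MonitorWare products. It parses the traditional BSD syslog line format (RFC 3164) into the facility, severity, timestamp, host, tag and message fields a log database would want to store. A plain syslog receiver only gets the text line, so all of this is work the receiving side has to do itself; a line with a missing or invalid `<PRI>` header is treated as `<13>` (user.notice) with the whole text as the message, as RFC 3164 prescribes for relays. The sample datagrams are constructed for the example.

```python
"""Parse traditional BSD syslog (RFC 3164) datagrams into structured fields.

Added example, not Adiscon/MonitorWare code. Plain syslog delivers an
unparsed text line over UDP; this shows the decoding a receiver must do.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Facility and severity names as numbered in RFC 3164, section 4.1.1.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI> is 0..191 (facility * 8 + severity); anything else is invalid.
_PRI_RE = re.compile(r"^<(\d{1,3})>")
# "Mmm dd hh:mm:ss HOST rest" -- the day may be space-padded ("Feb  5").
_HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$",
    re.DOTALL,
)
# "tag[pid]: message" -- the tag part is optional in practice.
_TAG_RE = re.compile(r"^([^:\[\s]+)(?:\[(\d+)\])?:\s?(.*)$", re.DOTALL)


@dataclass
class SyslogEvent:
    facility: str
    severity: str
    timestamp: Optional[str]
    host: Optional[str]
    tag: Optional[str]
    pid: Optional[int]
    message: str


def parse_syslog(raw: bytes) -> SyslogEvent:
    """Decode one syslog datagram. Never raises on malformed input: the
    RFC 3164 fallback is priority 13 (user.notice) and the raw text as message."""
    text = raw.decode("ascii", errors="replace").rstrip("\r\n")

    pri = 13                      # RFC 3164 section 4.3.3 default
    body = text
    m = _PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        body = text[m.end():]
    facility = FACILITIES[pri >> 3]
    severity = SEVERITIES[pri & 7]

    h = _HEADER_RE.match(body)
    if h is None:
        # No parseable TIMESTAMP/HOSTNAME: keep the whole body as the message.
        return SyslogEvent(facility, severity, None, None, None, None, body)

    rest = h["rest"]
    t = _TAG_RE.match(rest)
    if t is None:
        return SyslogEvent(facility, severity, h["ts"], h["host"], None, None, rest)
    pid = int(t.group(2)) if t.group(2) else None
    return SyslogEvent(facility, severity, h["ts"], h["host"], t.group(1), pid, t.group(3))


# Constructed sample datagrams (the first two follow the RFC 3164 examples).
SAMPLES = [
    b"<34>Oct 11 22:14:15 mymachine su[1024]: 'su root' failed for lonvick on /dev/pts/8",
    b"<13>Feb  5 17:32:18 10.0.0.99 Use the BFG!",
    b"no header at all",
]

if __name__ == "__main__":
    for datagram in SAMPLES:
        print(parse_syslog(datagram))
```

Because the format carries no length, sequence number or acknowledgement, nothing in this parser can tell that a datagram was dropped in transit; detecting loss or guaranteeing delivery has to come from the transport, which is the gap the article goes on to describe.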

How to setup MonitorWare Agent, WinSyslog and EventReporter?

Article created by Tamsila-Q-Siddique. WinSyslog and EventReporter are subsets of MonitorWare Agent. This means that there is no difference in the setup procedure. You need administrative privileges on each of the machines. This is required both for installation and configuration. Make sure you log on with a sufficiently privileged user account. Download your desired […]

Event archival

If you have to create an archive of past events, this scenario is for you. The main focus here is storage of event data. Potentially, data is stored for a long time and possibly never overwritten. It is also highly likely that data will be written to read-only media like CD-R. Event archive […]

Analysis

If you are interested in receiving a consolidated view of your overall system state and activity, you are probably interested in the analysis features of the MonitorWare system. Please note that this chapter is currently being expanded. As such, the examples and uses given herein only reflect some of the things that can be […]

Relaying Events

Article created by Rainer Gerhards. In all but the simplest scenarios, event data needs to be relayed between different machines. Please note that relaying is also often referred to as “forwarding”; both terms have the same meaning in the context of this documentation. A typical relay scenario might look as follows: Here, devices send […]

Solving Problems

Article created by Rainer Gerhards. Solving problems is closely related to alerting. As with alerting, actions are executed if a trigger condition exists. With problem-solving, these are actual corrective actions. Examples are deleting temporary files when disk space runs low, or blocking an external IP address in a firewall in case an attack […]

Alerting

Article created by Rainer Gerhards. In this scenario, the primary concern is to receive alerts if specific events happen. Of course, alerting is often used together with other scenarios as alerting alone does not provide in-depth analysis or storage of the captured events. Alerts can be generated by every running instance of MonitorWare Agent. As […]

Creating a hardened log host

Article created by Rainer Gerhards. A hardened log host is a system that is specifically configured to prevent malicious users from modifying any log data stored on it. It is especially useful where tampering with log data must be prevented. Setting up a properly hardened host can definitely help if evidence […]

Firewall setup for MonitorWare Agent

Article created by Rainer Gerhards. MonitorWare Agent can be used with standard firewalling. The product itself does not require any specific access to network services such as RPC. The Windows networking support required is fully dependent on the needs of the network or security administrator. If a fully locked-down system is desired, […]
