The Logging Experts
The Logging Experts
The “Simple Mail Transfer Protocol”. This is an Internet standard for sending email messages. Virtually all major email systems are either based on SMTP or at least offer gateways to SMTP capable systems. SMTP is used for sending email. It can not be used to pick up email messages. For this purpose, protocols like POP3 […]
Do you want to receive syslog in a Windows environment? Take a look at WinSyslog! Receive, process and store your syslog data from routers, firewalls or linux/unix servers with this easy to configure application in your Windows environment. Troubleshoot network problems or be alerted, all quickly and easily. Take a Quick Tour to WinSyslog to […]
Created by Wajih-ur-Rehman What is the difference between SETP and Syslog and what advantages does SETP offer over Syslog? Following are some of the points related to traditional Syslog: Its a UDP based protocol. It doesn’t provide any guarantees of message delivery. It doesn’t parses the data so most of the fields of MonitorWare Database […]
Article created by Tamsila-Q-Siddique. WinSyslog and EventReporter are subset of MonitorWare Agent. This means that there would be no difference in the set up creation.You need administrative privileges on each of the machines. This is required both for installation and configuration. Make sure you log on with a sufficiently privileged user account. Download your desired […]
If you have to create an archive of past events, this scenario is for you. The main focus here is storage of event data. Potentially, data is stored for a long time and eventually never being overwritten. It is also highly likely that data will be written to a read-only media like CD-R. Event archive […]
If you are interested in receiving a consolidated view of your overall system state and activity, you are probably interested in the analysis features of the MonitorWare system. Please note that this chapter is currently being expanded. As such, the examples and uses given herein do only reflect some of the things that can be […]
Article created by Rainer Gerhards. In all but the easiest scenarios event data needs to be relayed between different machines. Please note that relaying is also often referred to as “forwarding” – both terms have the same meaning in the context of this documentation. A typical relay scenario might look like follows: Here, devices send […]
Article created by Rainer Gerhards. Solving problems is closely related to alerting. As with alerting, actions are to be executed if a trigger condition exists. With problem-solving, these are actual corrective actions. Samples are deleting temporary files when disk space goes low or blocking an external IP address in a firewall in case an attack […]
Article created by Rainer Gerhards. In this scenario, the primary concern is to receive alerts if specific events happen. Of course, alerting is often used together with other scenarios as alerting alone does not provide in-depth analysis or storage of the captured events. Alerts can be generated by every running instance of MonitorWare Agent. As […]
The event log monitor service pulls events from the Windows event logs. In Windows’ default setup, the information contained in the logs is sparse and far from sufficient for security monitoring. If you are solely interested in checking system health, the default setting can be sufficient. If you are interested in security monitoring, you definitely […]