Hardware Requirements
All EventSentry components, including the agents, require a Pentium IV or higher processor with SSE3 support.
Operating System Platforms
EventSentry runs on the following platforms:
| Operating System Version | Windows Editions | Run Installer | Monitor with Agent |
|---|---|---|---|
| Windows® NT 4 SP6 | (all versions and service packs) | up to EventSentry v2.90 | up to EventSentry v2.90 |
| Windows® 2000 | (all versions and service packs) | up to EventSentry v2.92 | up to EventSentry v3.0.1 |
| Windows® XP SP3 | (Home, Professional), including x64 editions | up to EventSentry v3.3.1 | all versions |
| Windows® Small Business Server 2003 SP2 | (all service packs) | up to EventSentry v3.3.1 | all versions |
| Windows® Server 2003 SP2 | (all service packs), including x64 editions | up to EventSentry v3.3.1 | all versions |
| Windows® Vista | (all editions), including x64 editions | up to EventSentry v4.0.3 | all versions |
| Windows® Server 2008 (R2) | (all editions), including x64 editions | all versions | all versions |
| Windows® 7 | (all editions), including x64 editions | all versions | all versions |
| Windows® 8 & 8.1 | (all editions), including x64 editions | v2.93 and later | all versions |
| Windows® Server 2012 (R2) | (all editions), including x64 editions | v2.93 and later | all versions |
| Windows® 10 | (all editions), including x64 editions | v3.2 and later | all versions |
| Windows® Server 2016 | (all editions), including x64 editions | v3.3 and later | all versions |
| Windows® Server 2019 | (all editions), including x64 editions | v3.5 and later | EventSentry v3.5 and later |
| Windows® 11 | (all editions), including x64 editions | v5.0 and later | EventSentry v5.0 and later |
| Windows® Server 2022 | (all editions), including x64 editions | v5.0 and later | EventSentry v5.0 and later |
See below for requirements of specific components.
Hardware
The following minimum resource allocations (CPU cores / memory) are recommended for EventSentry's server-side components. This is in addition to the core requirements of Windows® Server. Depending on the amount of data being received, additional resources may be needed.
| Component Name | # of cores | Memory (Mb) | Notes |
|---|---|---|---|
| Built-In PostgreSQL database | 4-8 | 4096-8192 | Large queries / databases may require significantly more memory |
| Network Services | 1-2 | 256-512 | High load of NetFlow may require more cores |
| Collector | 1-2 | 256-512 | |
| Web Reports | 1-2 | 512-1024 | |
| Heartbeat Monitor | 1-2 | 128-256 | Monitoring a large number of hosts in short intervals may require additional cores |
| ADMonitor | n/a | n/a | No significant resource usage |
As such, a typical EventSentry server utilizing all components (including the database) should have at least 4-8 cores and 8Gb of memory (already accounting for the resource usage of Windows itself). Additional memory is recommended for larger databases.
Permissions
The following permissions are required to install EventSentry with the setup application:
• Administrative permissions
or
• Permission to create and control services
• Permission to write files to %SYSTEMROOT%\SYSTEM32
• Permission to write to the \Program Files directory
• Permission to write to the registry key HKEY_LOCAL_MACHINE\Software
Running the EventSentry installer on a workstation OS such as Windows 10 or later is possible, but it is not recommended and not supported for production use.
ADMonitor
The following are required for ADMonitor to work:
• The host where ADMonitor is installed must be a member of the domain it monitors
• The ADMonitor service account (EventSentryADMonitor) must be a local administrator and a member of the Domain Admins group
• The ADMonitor service account (EventSentryADMonitor) must be a member of the Enterprise Admins group if a child domain is being monitored
• The Group Policy Management feature must be installed in order to monitor group policy changes
• Limited auditing for "Account Management", "Directory Service Access" and "Active Directory Diagnostic Event Logging" is required to determine the user who performed a change (can be configured with the administrator utility)
Collector
The following requirements are recommended for hosts running the collector service:
• Operating System: Server OS, Windows 2012 R2 or higher
• CPU: 4 or more cores
• Memory (RAM): At least 512Mb available for the collector, 1 Gb or more recommended
The Network Services service (which includes the Syslog, SNMP, ARP and NetFlow daemons) requires at least a 5-host network device license; the NetFlow component requires at least one NetFlow license.
There is no license requirement for the "Network Services" component included with the EventSentry Light edition, which only supports 2 remote hosts and does not support logging incoming Syslog and/or SNMP traps to a database.
NetFlow
The following flow protocols are supported by the EventSentry NetFlow component:
• NetFlow v1
• NetFlow v5
• NetFlow v9
• IPFIX
• sFlow
Agent Management (Manual or MSI)
Agents can either be installed with the management console or with MSI files. The following requirements need to be met in order to deploy and manage EventSentry agents with the management console:
• The ADMIN$ share needs to be present in order for the agent to be pushed.
• The ADMIN$ share needs to be present for configuration updates to be pushed to the agents. If the ADMIN$ share does not or cannot exist, you can set up the ES$ share instead.
• The Client for Microsoft® Networks needs to be installed.
Agent-only installers can be generated by the management console and installed or deployed to the target computers.
The collector (installed by default) can be utilized to keep the configuration as well as remote agents up to date. When using the collector, only the initial installation of the agents needs to be performed (either with remote update or an MSI file).
The EventSentry web reports support the following web browsers:
• Mozilla Firefox 65 or higher
• Microsoft® Internet Explorer 11 or higher
• Microsoft® Edge (latest version)
• Google Chrome™ 72.0.3626 or higher
• Opera 58.0.3135.47 or higher
• Apple® Safari® 12.0.2 or higher
Older versions of the browsers listed above, and browsers not listed, may work with the EventSentry web reports but have not been verified.
EventSentry web reporting requires a supported database server (see "Database" below) with an EventSentry database.
Database Requirements
See Database Requirements for more information on ODBC drivers and supported databases.
Hardware (optional)
All sensors, except for the USB-only temperature/humidity sensor, require:
• One available serial port (used for data collection)
• One available USB port (used for power)
The USB-only sensor requires one available USB port as well as a USB to COM port driver from FTDI Chip. This driver is included with EventSentry and is located in the "resources" subdirectory of the main installation directory.