Author: ingmar.koecher

EventSentry Light Supercharged

ingmar.koecher 0 Comment Announcements, Event Log, EventSentry, Monitoring, Tools & Utilities

The latest EventSentry update brings significant and very exciting changes to the free light edition, EventSentry Light.

We have always seen EventSentry Light as a successor to the original EventwatchNT – a monitoring tool for small networks to alert sysadmins by sending real-time alerts about event log activity. As its big brother EventSentry continued to mature, most features from EventSentry made it into the light edition as well: Service Monitoring, Disk Space Monitoring, Performance Monitoring and many more. Since EventSentry Light was, and continues to be, free, it needed to distinguish itself from the commercial edition. As such, most feature were somewhat restricted in the light edition which only allowed a limited number of packages, event log filters, performance counters and such.

es_light.png

Over the last year we’ve been getting feedback that EventSentry Light was being constrained too much. Since our goal is, and always has been, to empower sysadmins and not constrain them, we decided to provide our users with more functionality in the free edition. The result of these efforts is build 2.93.1.75, and with this release you can:

  • Monitor event logs and log files in real time, setting up as many filter rules as you’d like, without restrictions.
  • Utilize all advanced event log filter capabilities like thresholds, timers, schedules and more!
  • Create as many event log, log file and system health packages as you like.
  • Utilize all system health monitoring features, such as file checksum monitoring, performance monitoring, service monitoring and more.
  • Create a variety of alerts using mail, HTTP, SNMP traps, Syslog messages and more.
  • Receive SNMP traps from SNMP v3 enabled devices.
  • Monitor up to 2 full hosts and 2 network devices.

Pretty impressive, no? So literally overnight, EventSentry Light has matured into a full-fledged monitoring solution which will alert IT professionals like sysadmins of critical (event) log events, performance issues and much more. What differences with EventSentry remain? A few, but the line is much more clear now:

  1. Reporting. With EventSentry, you get log consolidation, software/hardware inventory, performance trend reports, network dashboards, jobs, JSON/XML/CSV/… APIs and more.
  2. Compliance. EventSentry includes a variety of compliance functionality such as process tracking, logon tracking, account management tracking and more.
  3. Monitor multiple hosts. Monitor as many hosts as you are licensed for, and also utilize command line utilities to automate remote host management.
  4. Support. EventSentry includes quality email and phone support, something we pride ourselves on. EventSentry Light offers forum support.
  5. Mobile iPhone & Android apps are only available in the full edition since they require reporting.

So if you’re not already using EventSentry Light, or using an older version, then you should give it a try. It’s as free as it gets with no registration required, no advertisements and no nagging pop-ups. We hope you like it as much as we do. And did I mention that you can seamlessly upgrade from EventSentry Light to EventSentry? 🙂

Don’t forget to check out our other free tools and Facebook / Google+ pages!
Best,
Ingmar.

EventSentry Mobile Updates for iOS & Android

ingmar.koecher 0 Comment Announcements, EventSentry, Monitoring

I’m excited to announce that we released updates to both the iPhone as well as Android version of our mobile app, and both updates are now available in the Apple App Store and Google Play Store respectively.

The iOS version now supports the larger iPhone 5 display as well as a variety of improvements in regards to load speed, rotation and so forth.

screenshot_iphone5_1.png

The Android version catches up with the iOS version, adding the heartbeat page and fixing an issue where the app would not launch on devices running Jelly Bean. We’ve also beautified the app a bit and donated some color icons to the menu. Yes, the Android app now has officially more color than the iOS version. How crazy is that?

We also had to change how EventSentry Mobile is distributed through the Google Play Store, where our mobile app is now called “EventSentry Mobile” (instead of just “EventSentry”). Existing users of the mobile app will, unfortunately, need to uninstall and re-install the app to get the latest version. This was necessary due to Google’s policies and a mishap on our part. Future releases of the Android app will support updating however, and we apologize for the inconvenience.

screenshot_android_1.jpg

To get the free update, either search for “EventSentry” on your mobile device, or visit the links below.

Google Play:
https://play.google.com/store/apps/details?id=net.netikus.eventsentry.mobile

iTunes:
https://itunes.apple.com/us/app/eventsentry/id440535744

Now, if you use or like the app – why not rate it and write a short review?

Thanks,
your NETIKUS.NET team.

Monitoring Windows Updates

ingmar.koecher 0 Comment EventSentry, Monitoring, Pure Knowledge, Tips & Tricks

Automatic Windows Updates are a wonderful thing when they are working as expected, and many organizations employ WSUS or patch management software to keep their infrastructure up to date with the latest Microsoft hot fixes and service packs.

While this works for many, not everybody can afford patch management software, and, while free, managing the disk-hungry WSUS can be a daunting task as well. This leaves some sysadmins to use the old-fashioned Windows Updates to install all the regular and out-of-band patches Microsoft releases.

If you don’t feel comfortable installing patches automatically however, configuring Windows Update to “download updates for later manual installation” is often safer and more predictable. But, if you’re not logging on to the server(s), you won’t know whether one or more updates are ready for installation or not. Even if you’re just managing one server, checking in on a regular basis can be a waste of time.

updates_are_ready.pngThis is where EventSentry and its log file monitoring feature comes in. It turns out that Windows, like a diligent ship captain, logs all activity to a log file. And with all, I really do mean ALL. The file I’m talking about is windowsupdate.log, and it tells you just about everything that’s going on with Windows Update. In 3-4 steps that don’t take longer than 5 minutes, you can setup real-time monitoring of the WindowsUpdate.log file, and be notified when updates are about to be downloaded to a monitored computer.

The screenshot below shows what such an email from EventSentry would look like:

email_approved_updates.png

From then on, you can either get email notifications when patches are downloaded, or use the web-based reporting to view a report from all of your monitored hosts. On a high level, the configuration works like this:

  • 1. Setup a log file (%systemroot%\windowsupdate.log in this case)
  • 2. Create & assign a new log file package
  • 3. Define a log file filter (this tells EventSentry what to look for in the file, and where to send it)
  • 4. Setup an email action (this is usually already setup)
  • 5. Optionally setup an event log filter to forward alerts to email (the default filter setup should automatically forward warnings)

The WindowsUpdate.log is useful for troubleshooting as well, and you can consolidate the content of this file from all of your servers in the central EventSentry database. This makes searching for text and/or comparing the log from multiple servers a breeze. Having the log file accessible through the web reports is also useful when a patch caused problems and the server is offline. You can view the most recent activity from the log file through the web-based reporting even when the server is unavailable.

So how do you set this up? Assuming you have EventSentry v2.93 installed (any edition will do, including the free “light” version), you can follow the steps outlined below. Note that all steps will need to be performed in the EventSentry management console.


1. Setup a file definition. This tells EventSentry which file you want to monitor, and sets up a logical representation of that file in the EventSentry configuration. In the “Tools” menu, click “Log Files and File Types” and then click the “Add” button.

menu_tools.png

add_file_definition.png

tree_logfile_package.png

2. Create a package and add a filter. Right-click the “Log File Packages” container, select  “Add Package” and choose a descriptive name. Since new packages are unassigned by default, right-click the newly created package, select “Assign” and assign the package to host(s) on which you want to monitor the Windowsupdate log file.

3. Setup a log file filter. This tells EventSentry which content of the monitored file you are interested in. In every log file filter you can configure a database as well as an event log filter.

Right-click the previously created package and select “Add File”. From the list, select the log file definition created in step 1, “WindowsUpdateLog”. Select the new log file.

The database tab determines which content goes to the database (in most cases you will write all file contents to the database), while the event log tab determines which log file contents are written to the event log. For this project, we are interested in the following wildcard matches:

*AU*# Approved Updates =*

*DnldMgr*Updates to download =*

The first wildcard match will tell you the total number of updates which have been approved and will be downloaded, whereas the 2nd line will fire for every individual update which will be downloaded. In most cases the first line is sufficient and the 2nd line can be skipped.

file_filter_eventlog.png

That’s it! With this setup, you will immediately get notified when patches are ready to be installed. The only thing I didn’t mention here is how to setup an email action and corresponding event log filter, since both of these are usually already setup by default. If you need help with this, please check out our documentation and/or
tutorials.

Please note that the full and evaluation version of EventSentry can inventory installed software and patches. This enables you to use the web interface for viewing/searching installed patches, and get (email) alerts when a patch has been successfully installed.

As always, happy monitoring!

Announcing EventSentry Light v2.93.1

ingmar.koecher 0 Comment Announcements, EventSentry, Monitoring, Tools & Utilities

We’re excited to announce a new version of EventSentry Light, our free server and log monitoring solution.

EventSentry Light is:

  • completely free
  • does not show ads
  • does not require a registration
  • does not expire

To see all the new features which were added to full release EventSentry v2.93.1, see “EventSentry v2.93.1 – Part 1” and “EventSentry v2.93.1 – Part 2“.

eventsentry_performance_alert.png

In addition to the new features and bug fixes of the 2.93.1 release, we also decided to make the latest version of EventSentry Light even more useful for sysadmins by enabling several features which were previously only available in the full version:

  • Process Action is now available, so you can now launch scripts and/or processes as a response to event log entries
  • Custom event logs as well as custom event log channels (Windows 2008 and later) can now be monitored
  • Services can now be controlled in addition to just being monitored
  • All event logs can now be backed up
  • Event Log backups can be compressed
  • NTP (Network Time Protocol) feature can now adjust the local time
  • Limits can now be applied to actions
  • Email actions: All features are now available
  • Import/Export feature in management console is now available
  • Variables support is now available

In addition to the above new functionality, we also increased many of the existing limitations:

  • # of event log filters: Increased to 5 (from 4)
  • # of monitored services: Increased to 6 (from 4)
  • # of event log backup schedules: Increased to 3 (from 2)
  • # of actions: Increased to 3 (from 2)

EventSentry Light v2.93.1 is a significant upgrade from v2.92, with many new features now available to light users. Remember, with EventSentry Light you can:

So if you’re running EventSentry Light v2.92 or older then the time to upgrade is now! If you’re not using EventSentry at all, then the time to install it is now – you have nothing to loose.


Get EventSentry Light

EventSentry v2.93.1 – Part 2

ingmar.koecher 0 Comment Announcements, EventSentry, Monitoring

This is the second and last article about the new features in the EventSentry 2.93.1 release, part 1 can be found here.

 

Support for USB-only temperature/humidity sensors

Up until v2.92, all environment sensors supported by EventSentry required a serial port to work; the USB connector is used only for drawing power.  Starting with v2.93.1, EventSentry now supports a USB-only temperature & humidity sensor (#30602), and a serial port is no longer required (water, smoke & motion sensors still require a serial port – for now).

30602_kl.jpg

The new USB-only environment sensor requires virtual COM port drivers from FTDI to be installed before it can be used. These (certified) drivers will create a virtual COM port on the computer, through which EventSentry will communicate with the sensor. The drivers ship with EventSentry, and are automatically installed by the management console when a USB-only sensor is configured. The driver installation does not require a reboot.

Improved hardware inventory for DELL & HP servers

EventSentry has always provided a solid hardware inventory which included installed memory (and available slots), network adapters, disks, disk controllers, graphics adapter and more. Server specific information was only available through the manufacturers management tools such as DELL OpenManage. EventSentry would always relay alerts about critical issues (e.g. degraded RAID, failed redundant power supply, etc.), but status information (does the server have redundant power supplies?) was not available through the EventSentry web reports.

Version 2.93.1 changes this, and EventSentry now shows the following hardware details on HP© and DELL© servers, provided that the management tools (e.g. DELL© OpenManage) are installed:

  • Installed power supplies and their status
  • Installed fans and their status & speed
  • Installed temperature sensors and current temperature
  • Installed remote access cards (e.g. iLO or DRAC) and their IP address
  • Installed RAID controllers and configured logical drives
  • Installed hard disks

hw_inventory_raid.png

The images above and below show how incredibly easy it is to see all hardware components of a server – on ONE screen, including all configured RAIDs and their associated physical drives – something Windows itself will not show you.

hw_inventory_hp_server.png

Most of these new properties are searchable as well, so it’s easy to list servers with more than one power supply, servers with remote access cards, RAID and so forth.

In addition, the Network Overview page will show you any hardware components from your entire network that are not in an OK state, whether it’s a hard disk, fan, PSU or temperature sensor.

Warranty expiration information for DELL, HP & IBM servers

Also new as part of the hardware inventory is the ability to view when a maintenance/support contract for a server or workstation will expire. When viewing the hardware inventory of a host, EventSentry will show you all available support contracts and their expiration date.

hw_inventory_support.png

Improved Monitoring Engine

The core event log monitoring engine in the EventSentry agent has been tweaked to allow for higher throughput and lower CPU utilization, especially for Windows 2008 and later operating systems. Systems generating a large amount of events (such as domain controllers) should benefit from this enhancement.

Usability enhancements in management console

We improved two key areas in the management console for better usability: Speed when saving and keyboard navigation. Up until v2.92, saving the configuration in the management console could take more than 10 seconds, especially when the configuration contained a comprehensive ruleset. Starting with v2.93.1, only objects which were changed are written to disk; saving the configuration now only takes 1-2 seconds in most cases.

Also added was better keyboard navigation, especially for navigating the tree in the left pane. You can now navigate through the key by simply typing the name of a package, filter, action or other object. The improved keyboard navigation also allows you to use the scroll wheel of your mouse to quickly scroll through the tree.

Increased throughput for Heartbeat Monitoring

The heartbeat agent has been improved and can now scan remote hosts in parallel using threads. Even monitoring hundreds of hosts can be performed in a matter of seconds, so that a networking problem is reported as soon as possible. You can specify how many threads the heartbeat agent should use, or have the agent automatically allocate threads as needed based on the number of hosts and the network speed. Simply set the monitoring interval (e.g. 30 seconds) and EventSentry will do the rest!

Other noteworthy improvements

On hosts running Vista and later, the hardware inventory now retrieves the configured UAC level, which is also searchable, making it easy to find hosts with insufficient UAC settings. Process tracking also captures the current process elevation level, making it again easy to find processes which are running elevated (“Run as Administrator”).

Event Log filters can now search event details with a (perl-based) regular expression engine, time-based restriction can be set to the “nth” day of a month – ideal for creating filters based on “Patch Tuesday” for example. The same “nth” day of the month option is also available for heartbeat maintenance schedules by the way.

The environment dialog in the management console now shows descriptions with serial ports, making it easier to select the correct COM port. The management console also polls the status of all three EventSentry services in the background, and updates the status icons accordingly if a service is not running.

The web reports were tweaked, and many pages now load significantly faster, in particular the performance status page. The load speed of many other pages has also been improved if the “resolve hostname” option is enabled in the profile editor. Furthermore, on x64 systems, IIS no longer has to run in 32-bit mode.

Alerts generated after event log backups are more verbose, and include a SHA-256 checksum of the created backup file for tamper detection.

Finally, EventSentry v2.93.1 includes preliminary support for both Windows 8 and Server 2012.

Please see the release history for a complete list of all new features and bug fixes. Contact us with any questions about EventSentry and/or the v2.93.1 release.