Please follow the steps outlined below to consolidate event log records to a central database. Depending on the database you are using you might need to perform additional steps.
Install a Database Server
If you are not using the built-in database, and do not already have a database like PostgreSQL or MSSQL running, then you will need to setup a database server on your network. The EventSentry web site contains guides that assist with the setup process (see http://www.eventsentry.com/support/documentation) as well as a setup assistant for MS SQL Server Express that can be downloaded from http://www.eventsentry.com/downloads.
Setup a database during installation
An EventSentry database will automatically setup with the Configuration Assistant after the installation process is complete. The quickest way to setup an EventSentry database is by selecting the Built-In database during installation.
Configure Consolidation & Deploy Agents
1. | Create / configure the ODBC action in EventSentry and configure it to either use a connection string (recommended) or a System DSN. Test the ODBC action. |
2. | Click the "Initialize / Update Database" button to setup the database for use with EventSentry. |
3. | Optional: If you are using a system DSN then make sure the specified ODBC System DSN exists on all machines that will write to the database. We recommend using EventSentry Admin Assistant if you need to roll out a system DSN name to multiple computers. |
4. | Create one or more include filters that will collect event log information and forward them to the ODBC action (database). Event log consolidation will not start until the event log filters are properly setup. |
5. | Use remote update to send the updated filters & actions to all hosts running the EventSentry agent (not necessary when using the collector). |
6. | Setup the web reports to query the database through a web browser. |