You can consolidate events from multiple servers and/or workstations into a central ODBC database to:
• Create a backup of one or more event logs
• Search through multiple event logs network-wide and create reports
• Help meet compliance requirements of government regulations such as Sarbanes-Oxley, HIPAA and others
In order to set up event consolidation you will need to:
1. Set up the EventSentry database (tables, permissions, indexes) on a supported database
2. Set up the web reports on a supported web server (IIS or Apache)
3. Create an ODBC Target notification in EventSentry that points to the database
4. Create one or more filters that reference the ODBC Target
Figure 8 illustrates event log consolidation in a heterogeneous network:
Figure 8: Syslog Message Flow
Using the syslog feature you can also store events generated on non-Windows devices in the database. Unix-based machines (here Linux and OpenBSD machines) and Cisco network devices send syslog messages over the syslog UDP protocol to a Windows machine running EventSentry with the syslog daemon enabled. This host in turn forwards all syslog messages to the central ODBC database as well.
1. A syslog message is sent by a device which supports the syslog protocol
2. The syslog message is received by the EventSentry syslog daemon
3. The syslog message is written to the Application event log on that machine
4. EventSentry, monitoring the Application event log, forwards the event record containing the syslog message to the ODBC target
As you can see, syslog messages are first written to the application event log where they are then picked up by EventSentry and forwarded to the configured target, according to the configured filters.
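As an added illustration of the four-step flow above (example code written for this page, not EventSentry's own), the following Python script simulates each stage: it decodes the syslog PRI field of a received datagram, shapes the message like an Application event log record, applies an include filter, and writes matching records to a SQLite table standing in for the ODBC target. The event field names, the severity-to-event-type mapping, the filter and the sample datagrams are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample datagrams in RFC 3164 format, as the syslog daemon would receive them over UDP.
SAMPLE_DATAGRAMS = [
    b"<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2",
    b"<13>Oct 11 22:14:16 web01 cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
]

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_syslog(datagram):
    """Steps 1-2: split the PRI field into facility and severity (PRI = facility * 8 + severity)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("malformed or missing PRI field")
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8,
            "text": m.group(2).decode("utf-8", "replace")}


def to_event_record(msg):
    """Step 3: shape the message like an Application event log entry (field names are assumptions)."""
    # Assumed mapping: syslog severities 0-3 become Error, 4 Warning, 5-7 Information.
    sev = msg["severity"]
    etype = "Error" if sev <= 3 else "Warning" if sev == 4 else "Information"
    return {"log": "Application", "source": "EventSentry Syslog", "type": etype,
            "facility": msg["facility"], "message": msg["text"]}


def matches_filter(record, include_types=("Error", "Warning")):
    """Step 4: a filter decides whether the record is forwarded to the ODBC target."""
    return record["type"] in include_types


def consolidate(datagrams, db_path=":memory:"):
    """Run every datagram through the pipeline; return the rows that reached the database."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS events"
                 "(log TEXT, source TEXT, type TEXT, facility INTEGER, message TEXT)")
    for d in datagrams:
        rec = to_event_record(parse_syslog(d))
        if matches_filter(rec):  # only filtered-in events are written to the central table
            conn.execute("INSERT INTO events VALUES (?, ?, ?, ?, ?)",
                         (rec["log"], rec["source"], rec["type"], rec["facility"], rec["message"]))
    conn.commit()
    rows = conn.execute("SELECT type, facility, message FROM events").fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    for row in consolidate(SAMPLE_DATAGRAMS):
        print(row)
```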