It is important that filters using summary notifications are NOT configured to notify All Targets. When using summary notifications make sure that one and only one target is present in the filters Targets list of the General tab.
After making configuration changes on your management workstation you will need to use the Update Configuration feature of Remote Update to push the updated configuration to your remote machines. Right-click the Computers container of the group you want to update and select Update Configuration. In the next dialog make sure that the co...
Yes, any user with administrative privileges can view and change the EventSentry configuration. The entire EventSentry configuration is stored on a per-machine basis, so it doesn't matter which user logs on to the computer where the EventSentry management application is installed. The only settings that are stored on a per-user basis are th...
Filters are processed sequentially, one by one, by the EventSentry agent. If an event matches multiple filters then every filter matching the event will send the event information to its configured target. This usually happens when more than one filter is configured to use Trigger all actions. To avoid seeing events multiple times: Co...
In order to transfer the EventSentry configuration from a remote computer to the computer running the management application, do the following: 1. Log in on one of the remote computers running the agent. 2. Open the registry editor (regedit.exe) and select the HKEY_LOCAL_MACHINE\Software\\EventSentry subkey. 3. From the File or ...
Access to the EventSentry configuration is automatically restricted to members of the local Administrators group or Domain Admins group on domain controllers. Members of the Users and/or Domain Users groups do not have permission to view or edit the EventSentry configuration. The entire EventSentry configuration is stored in the registry an...
Yes, you can make changes directly to the registry, but always make a configuration backup before you make any changes to the registry. Please also note that editing the registry directly is not supported. To make sure that the EventSentry agent picks up the configuration changes you made, create the following empty file when you are done edi...
You can monitor this event log through the Custom Event Log monitoring feature of EventSentry. Simply click the Custom Event Logs tab on an existing or new filter, select DFS Replication from the list and check the check box next to it. The selected event log will now also be monitored by this filter. To monitor this event log in other...
When packages that are assigned to individual computers do not work, please make sure that the computers in question are part of an AD domain. If the computers are not and/or cannot be part of an AD domain, then you will have to manage the computers using their NetBIOS names. Otherwise EventSentry will not correctly identify the compute...
This error is displayed because the remote access connections which are available for selection on the SMTP action dialog cannot be enumerated. You should be able to avoid this error message by ensuring that the Remote Access Connection Manager service is running.
Events logged with a severity of Success (which is displayed like an informational event) are not very common, but are nevertheless logged by some applications such as SQL Server. EventSentry treats Success events like Information events; as such, you would need to filter for Information events when you want to process Success events.
EventSentry ships with a variety of default packages, all of which are optimized for systems installed in English. Efforts are underway to support other languages as well for built-in performance counters; for the time being, a performance counter package for German systems has been made available. The package .reg file can be downloaded from...
Yes, using the Regular Expression match type of an EventSentry event log filter you can get notified when a credit card number appears in an event log message or log file. Credit card numbers should never be stored in clear text in any type of log file, whether in a production or test environment. If you monitor your event logs and/or log fil...
Yes, it is possible to monitor both of these directories on a 64-bit machine with the "Disable folder redirection on 64-bit systems (Wow64)" option in File Monitoring. If you run the EventSentry agent on a 64-bit machine and monitor folders for which the OS has file redirection for 32-bit processes enabled (e.g. %SYSTEMROOT%\SYSTEM32), then ...
What is AppLocker? Introduced in Windows 7 Enterprise Edition, AppLocker provides a mechanism within Windows to whitelist / blacklist known applications, publishers or file hashes via Group Policy. AppLocker gives Administrators the ability to restrict the execution of these resources in Enforce rules mode, or to generate audit logs ...
Yes. The preferred method for managing agent configurations is through the collector which can automatically deploy the EventSentry configuration as well as agent updates. See EventSentry Collector below for more details. If you are not using the collector then follow the instructions below. Creating a group and configuring local permis...
NOTE: Starting in EventSentry 5.1 the default way to purge your database is from Web Reports. Please see KB 523 for information on how to set up this new purge and change the number of days in your retention period. When EventSentry is installed there is an option in the Configuration Assistan...
The quickest way to exclude unwanted service status change events, such as those for aelookupsvc, is to add them to the list of excluded services: In the management console, find the EventSentry Alerts package under Packages/Event Logs. Expand the package and locate the Excluded Services exclusion filter under Service Monitoring. If you a...
Please ensure that you do not have Registry Auditing enabled for the following registry paths: HKEY_LOCAL_MACHINE\SOFTWARE\\EventSentry\bootscan and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\\EventSentry\bootscan. Usually registry auditing becomes enabled for this path due to auditing the EventSentry registry path or auditing ...
Yes, to get notified when an IIS site is stopped or started, follow the steps below: In the Windows event viewer, navigate to the Microsoft-Windows-IIS-Configuration/Operational event log. Right-click the log and select Enable Log. In EventSentry, create a new include filter which looks for the following event properties: ...
1. Your switch must be present in your EventSentry configuration in a Network Device group. 2. Clicking Check Status Go in the console toolbar must display the SNMP version information in the SNMP column. 3. Your switch, or its EventSentry group, must be assigned a System Health package that contains the Inventory feature. This is usual...
Yes, it is possible to only send one event per email. In the EventSentry console, scroll down the left side to the Actions section and then select one of your email actions. On the right side, in the email action's settings, you can change the Events Per Email setting in the bottom right corner to 1; repeat this change for all other em...
Yes, EventSentry includes a Remote Update command line utility (eventsentryupd.exe) that will allow you to automate the remote update process. You can schedule the update using the Windows Task Scheduler and ensure that all of your agents are always running with the latest, up-to-date configuration. The utility also has an optional flag to updat...
The National Security Agency (NSA) and the Central Security Service (CSS) published the document "Spotting the Adversary with Windows Event Log Monitoring", which in section 4 lists a number of events that are recommended to be collected by a log / SIEM monitoring solution. We have made a downloadable EventSentry package file available for ...
Yes, you can monitor several aspects of Subversion with EventSentry. We will assume that SVN is installed in C:\CSVN and that the repositories are installed in C:\SVN. Services: CollabNet Subversion Edge (csvnconsole), CollabNet Subversion Server (collabnetsubversionserver). Disk Space: using folder monitoring (System Health) ...