NETIKUS.NET's EventSentry 2.8 is an excellent event-log and system-health monitoring
and consolidation tool. Operating under Windows Server 2003, XP, 2000, and NT
(including x64 versions), EventSentry offers a broad complement of filtering,
alerting, and Web-based reporting options. Optionally, you can use EventSentry
to consolidate monitored logs to an ODBC database, and the installation routines
provide explicit support for Microsoft SQL Server, MySQL, and Access.
By all rights, EventSentry should have been included in my recent comparative
review, "Log Management Products for SMBs" (InstantDoc ID 95955)—a
simple oversight. Considering EventSentry's comprehensive feature set and ease
of use, the tool would have stood in the top tier.
What You Get
EventSentry is comprised of four key components: a management console, the EventSentry
agent, the heartbeat agent, and Web-reporting components. The EventSentry agent
runs as a service, monitoring event logs and system health. The heartbeat agent
monitors the uptime of remote hosts and EventSentry agents. ASP-based Web reports
let you easily view the information that EventSentry collects: logs and alerts,
as well as system health.
EventSentry’s ease of use stems from its consistent architecture. Whether
you're monitoring events from standard or custom Windows event logs, Syslog
output, flat-file logs, performance metrics, or one of the system states that
EventSentry monitors, you use Filters and Filter Packages to select which events
on monitored systems the tool will process. Actions or targets—the management
console uses the term actions, whereas the provided documentation uses the term
targets—determine what happens to events that match a filter's criteria.
EventSentry’s Remote Update feature lets you push EventSentry’s
agent and configuration options to the systems you want to monitor.
In addition to log monitoring, EventSentry monitors health and performance
metrics, with an unusual ability to work with serial-port attached environmental
sensors. The simplest form of health monitoring uses simple ICMP and TCP service
port–based pings to verify a system’s responsiveness. Advanced support
includes monitoring of any performance counter, service, or process state; disk
space monitoring; and monitoring folders and files for alteration.
NETIKUS.NET requires a license for each monitored host. There are two types
of licenses: a full-feature-set license and an inexpensive license for hosts
that send Syslog output to EventSentry or hosts that are subject only to heartbeat
monitoring.
Testing
I installed EventSentry on a Windows 2003 system. The tool's Web-reporting features
require IIS. I configured EventSentry to use a SQL Server 2005 instance on another
host. Each client agent logs directly to the database. Because you specify the
connection within each database-logging action, it's possible to have different
actions log to different databases.
EventSentry’s management console, which Web
Figure 1 shows, is logically organized, with a console tree structure on
the left and a details pane on the right. Although you can install the management
console GUI on multiple systems, it doesn’t support full remote administration.
You can’t install agents or push out configuration changes from a remote-console
connection.
EventSentry offers several ways to populate groups with computers you want
to monitor. I created several new computer groups and used the Active Directory
(AD) option to populate them with several systems. From a right-click menu,
I installed the EventSentry agent service to each—a process that took
only a few seconds on each system.
EventSentry supports 14 distinct types of actions, including writing to a
database, a text file or a syslog server; notifying via email, network send,
SNMP, or pager; shutting down the system; and changing the status of a service.
I created actions to write to a SQL Server database, notify via email, and play
a sound file. EventSentry offers a variety of predefined filter groups, and
I found it easy to create additional filters and filter groups, and to define
custom event logs.
Assigning an action to each filter in a package, or to the package as a whole,
is quite convenient. Similarly, your ability to organize monitored computers
within named groups lets you deploy and update both the EventSentry agent and
client configurations to groups of computers at once. Right-clicking a computer
or group displays a list of all filter packages, letting you select a check
box to choose those you want to assign.
Prev. page
[1]
2
next page 
