EventTracker provides an integrated and sophisticated collection layer that enables logging in depth. Logs may be collected from servers, workstations, network devices, applications, processes and services. Unlike other log collection solutions, EventTracker is not limited to set volumes of traffic per day. EventTracker’s collection architecture is highly scalable, and the ability to collect and process logs is limited only by the size of the machine serving as the main console. Key features of the collection layer include:
- Highly flexible agent-optional architecture
- Built-in syslog and syslog-ng receivers
- Supports both UDP and TCP transport
- Optional encrypted delivery of events
- Centralized provisioning of agents from the EventTracker Pulse Console
- Ability to also poll systems to retrieve logs on a periodic basis
- Support for a mix of agent and agentless systems
Windows Agent
The optional Windows Agent is a configurable, high-performance, tiny-footprint executable that can be rapidly installed, configured and managed from the EventTracker Pulse Console. EventTracker’s Windows Agent provides advanced functionality that goes well beyond monitoring the event log.
- Performance monitoring (CPU, memory, processes)
- Application and custom log file monitoring
- Software installs and uninstalls
- Powerful filtering rules can be configured in the agent to collect only the events you are interested in collecting
- Customer log file monitoring
Syslog and syslog-ng
- Built-in syslog and syslog-ng receiver
- No agent is required for UNIX, Linux and most network devices
- Simply configure the system to forward syslog messages to the Console
Guaranteed, Encrypted Transmission of Events
- By default, EventTracker Pulse receives events via UDP to minimize impact on the network.
- For guaranteed delivery, the transport format can be specified to be TCP from the agents to the console, or syslog-ng (also TCP) in the case of UNIX and Linux systems.
- Transmission of events from agents to the console can also be configured in a FIPS 140-2 compliant mode.