EVENTTRACKER SOLUTIONS FOR GOVERNMENT

Architecture



EventTracker automates the secure collection and consolidation of enterprise events to a central point and makes them readily available to IT personnel for analysis. Its component-based architecture is designed for scalability and is highly configurable while remaining easy to install and quick to deploy.

EventTracker features an efficient, secured, tamper-evident event archive for reporting and compliance, a real-time correlation engine that operates on the event stream, and a Windows or web-based reporting and analytics engine for ad-hoc and scheduled querying. The components are separate and can be deployed on a single machine or across multiple machines as desired.



EventTracker Agents

EventTracker has an agent-optional architecture. EventTracker Agents are available for platforms that do not natively support real-time remote log collection, such as Windows and Solaris BSM. On Windows, the Agent goes well beyond simple event log monitoring: it can monitor system thresholds such as CPU, disk usage and memory, detect the introduction of removable storage devices such as USB flash drives, and log the files copied to such a device.

The EventTracker Agents are centrally configured, managed and distributed from the EventTracker Management Console. Agents can perform sophisticated filtering of the event logs before transmission to the central collection point, reducing bandwidth and the volume the Console must process. In agentless mode, data is instead collected periodically from the host systems and brought to the EventTracker Console for processing. For Linux, UNIX and network devices, the EventTracker Console can also receive and process syslog, syslog-ng and SNMP v1/v2 messages.

EventTracker Console And The Virtual Collection Point Architecture

Although EventTracker supports multiple, distributed Consoles for scalability, a single Console instance can process in excess of 15,000 events per second (steady state) in real time on a low-end (under $2,000) Windows server, using the concept of Virtual Collection Points (VCPs). Each Virtual Collection Point is a complete virtualized event processing "stack": a Receiver component that processes the incoming event stream, a Policy Engine that routes events for further processing where required, and an Archiver that writes the events into EventVault. Using multiple VCPs, EventTracker can take full advantage of multi-CPU, multi-core and 64-bit operating systems. VCPs also group events in EventVault, which makes reporting faster and more efficient.

Each Console includes a UI for administration, configuration and event viewing, reporting and analysis; and the EventVault® event archiver. Each EventTracker Console can also forward events in real time to other EventTracker Consoles allowing a hierarchical management structure for larger installations.

EventVault®

EventVault is EventTracker's proprietary event storage mechanism. It archives the original log in a compressed and secured event warehouse for reporting and compliance purposes and is optimized for the write-once, read-many nature of event log data. In EventVault, log data is compressed to less than 10% of its original size, sealed with a SHA-1 checksum and stored in CAB files; the checksum makes the archive tamper-evident, since any change to the stored data is detected when the checksum is re-verified. If 100 million events are archived, a traditional database can grow to 400 GB, while EventVault would require about 10 GB. EventVault archives can be stored on any storage device that can be accessed from the EventTracker Console.
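The seal-and-verify idea behind a compressed, checksummed archive, as an added example that is not EventVault's format or EventTracker's code: the log lines are constructed for the demo, zlib stands in for CAB, and the function names are this example's own. It also shows the caveat a practitioner would raise about a bare checksum: a plain SHA-1 detects corruption and casual edits, but anyone with write access to the archive can recompute it after altering the data, so a keyed seal (or checksums held on a separate, write-protected system) is what makes the store genuinely tamper-evident.

```python
"""Tamper-evident log archive demo: compress, seal, verify.
Illustrative code, not EventVault. zlib replaces CAB; events are constructed."""
import hashlib
import hmac
import zlib

# Constructed sample events (not real EventTracker data); repeated so the
# compressor has the redundancy that real log streams have.
SAMPLE_EVENTS = [
    "2024-01-15T10:00:01Z host1 Security 4624 Logon succeeded user=alice",
    "2024-01-15T10:00:05Z host1 Security 4625 Logon failed user=bob",
    "2024-01-15T10:00:09Z host2 System 7036 Service entered running state",
] * 50


def _seal(blob, key):
    """Unkeyed: plain SHA-1 checksum as the page describes.
    Keyed: HMAC-SHA256, which cannot be recomputed without the key."""
    if key is None:
        return hashlib.sha1(blob).hexdigest()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def seal_archive(events, key=None):
    """Compress the original log lines and return (blob, seal)."""
    raw = "\n".join(events).encode("utf-8")
    blob = zlib.compress(raw, level=9)
    return blob, _seal(blob, key)


def verify_archive(blob, seal, key=None):
    """Recompute the seal over the stored blob; constant-time compare."""
    return hmac.compare_digest(_seal(blob, key), seal)


def read_archive(blob, seal, key=None):
    """Return the original events only if the seal still matches."""
    if not verify_archive(blob, seal, key):
        raise ValueError("archive seal mismatch: contents altered or corrupted")
    return zlib.decompress(blob).decode("utf-8").split("\n")


def compression_ratio(events):
    """Compressed size divided by raw size (smaller is better)."""
    raw = "\n".join(events).encode("utf-8")
    return len(zlib.compress(raw, level=9)) / len(raw)


def demo_tamper(events, key=None):
    """Seal the events, then flip one byte of the blob.
    Returns (verifies_before, verifies_after); expected (True, False)."""
    blob, seal = seal_archive(events, key)
    before = verify_archive(blob, seal, key)
    tampered = bytearray(blob)
    tampered[0] ^= 0x01
    after = verify_archive(bytes(tampered), seal, key)
    return before, after


if __name__ == "__main__":
    blob, seal = seal_archive(SAMPLE_EVENTS)
    print("sealed %d bytes, sha1=%s, ratio=%.3f"
          % (len(blob), seal, compression_ratio(SAMPLE_EVENTS)))
    print("plain checksum, before/after tamper:", demo_tamper(SAMPLE_EVENTS))
    print("keyed seal,     before/after tamper:", demo_tamper(SAMPLE_EVENTS, b"hmac-key-kept-elsewhere"))
    assert read_archive(blob, seal) == SAMPLE_EVENTS
```

Store the seal (or better, a keyed seal) somewhere the archive writer cannot modify; a checksum kept next to the CAB file it protects only guards against accidental corruption.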

EventTracker Correlation Engine

An EventTracker Correlation Engine can be configured to correlate events coming from multiple EventTracker Virtual Collection Points or Consoles. The Correlation Engine provides real-time monitoring and rules-based alerting on the event stream. IT staff can be notified of triggered alerts through the EventTracker Console or Event Log Central; alternatively, an email notification, SNMP trap or pager alert can be generated. Rules can examine the entire contents of an event, not just its ID or source. EventTracker ships with over 500 predefined rules covering the most common conditions, and the combination of rule wizards and a simple rule grammar enables the creation of custom rules.
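A stateful correlation rule evaluated over an event stream, as an added example that is not EventTracker's rule grammar or engine: the event tuple layout, the key=value message format, the rule class and the thresholds are this example's own assumptions, and the stream is constructed. The rule is the classic "many failed logons followed by a success for the same user and source", which needs the whole event content (user and source pulled from the message) rather than just the event ID.

```python
"""Sliding-window correlation rule demo. Illustrative code, not EventTracker's."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events: (timestamp, host, event id, message). Not real data.
# Events are assumed to arrive in time order, as a live stream would.
SAMPLE_STREAM = [
    ("2024-01-15T10:00:00Z", "dc1", 4625, "Logon failed user=bob src=10.0.0.9"),
    ("2024-01-15T10:00:02Z", "dc1", 4625, "Logon failed user=bob src=10.0.0.9"),
    ("2024-01-15T10:00:03Z", "dc1", 4625, "Logon failed user=bob src=10.0.0.9"),
    ("2024-01-15T10:00:04Z", "dc1", 4625, "Logon failed user=bob src=10.0.0.9"),
    ("2024-01-15T10:00:05Z", "dc1", 4625, "Logon failed user=bob src=10.0.0.9"),
    ("2024-01-15T10:00:07Z", "dc1", 4624, "Logon succeeded user=bob src=10.0.0.9"),
    ("2024-01-15T10:05:00Z", "dc1", 4625, "Logon failed user=alice src=10.0.0.5"),
    ("2024-01-15T10:09:00Z", "dc1", 4624, "Logon succeeded user=alice src=10.0.0.5"),
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def field(message, name):
    """Extract a key=value token from the free-text message so the rule can
    examine the whole event, not only its ID."""
    for tok in message.split():
        if tok.startswith(name + "="):
            return tok[len(name) + 1:]
    return None


class BruteForceThenSuccessRule:
    """Alert when at least `threshold` failed logons (4625) for one
    (user, src) pair within `window` are followed by a success (4624)."""

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # (user, src) -> failure timestamps

    def feed(self, event):
        ts, host, eid, msg = event
        t = parse_ts(ts)
        key = (field(msg, "user"), field(msg, "src"))
        q = self.failures[key]
        while q and t - q[0] > self.window:   # expire old failures
            q.popleft()
        if eid == 4625:
            q.append(t)
        elif eid == 4624 and len(q) >= self.threshold:
            n = len(q)
            q.clear()                           # one alert per burst
            return {"rule": "brute_force_then_success", "host": host,
                    "user": key[0], "src": key[1], "failures": n, "at": ts}
        return None


def run_rules(stream, rules):
    """Feed every event to every rule; collect the alerts raised."""
    alerts = []
    for ev in stream:
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_rules(SAMPLE_STREAM, [BruteForceThenSuccessRule()]):
        print(a)   # one alert for bob (5 failures, then success); none for alice
```

The rule keys its state on (user, src) and expires failures older than the window, so a single stale failure hours earlier does not count toward an alert; delivering the alert by email, SNMP trap or pager is left to the surrounding system.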

Change Monitoring

EventTracker provides complete change monitoring on Windows servers and workstations. WhatChanged, the change management component of EventTracker, periodically takes a snapshot of a system's state and compares it against either a golden master configuration or a previously retained snapshot to detect drift over time.
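The snapshot-and-compare approach, as an added example that is not WhatChanged's implementation or snapshot format: the snapshot layout (relative path to size, permission bits and SHA-256), the drift report and the file names are this example's own design, and the files are created in a temporary directory so it runs anywhere. A content-only comparison by size would miss a same-size edit, which is why the digest is included.

```python
"""Golden-master drift detection demo. Illustrative code, not WhatChanged."""
import hashlib
import os
import stat
import tempfile


def _sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root to its size, permission bits and hash."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):      # skip symlinks, devices, etc.
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            snap[rel] = {"size": st.st_size,
                         "mode": stat.S_IMODE(st.st_mode),
                         "sha256": _sha256_file(path)}
    return snap


def diff_snapshots(baseline, current):
    """Report files added, removed, or changed relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for p in sorted(set(baseline) & set(current)):
        diffs = {k: (baseline[p][k], current[p][k])
                 for k in baseline[p] if baseline[p][k] != current[p][k]}
        if diffs:
            changed[p] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Build a golden master, then mutate the tree and return the drift report."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed golden-master files, not a real system image.
        files = {"hosts": "127.0.0.1 localhost\n",
                 "sshd.conf": "PermitRootLogin no\n",
                 "old_service.conf": "enabled=0\n"}
        for name, body in files.items():
            with open(os.path.join(root, name), "w") as f:
                f.write(body)
        golden = snapshot(root)

        # Drift: same-size edit, a new file, and a deleted file.
        with open(os.path.join(root, "sshd.conf"), "w") as f:
            f.write("PermitRootLogin ye\n")            # same byte count as "no\n"
        with open(os.path.join(root, "new_service.conf"), "w") as f:
            f.write("enabled=1\n")
        os.remove(os.path.join(root, "old_service.conf"))

        return diff_snapshots(golden, snapshot(root))


if __name__ == "__main__":
    report = demo()
    print("added:  ", report["added"])
    print("removed:", report["removed"])
    for path, fields in report["changed"].items():
        print("changed:", path, {k: v for k, v in fields.items()})
```

Snapshot comparison tells you what drifted, not who changed it or when; pairing the drift report with the logon and file-access events collected by the agents is what turns it into an accountable change record.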

EventTracker Reporting and Analytics Engine

EventTracker contains a report generator for custom ad-hoc and scheduled reporting on the collected data. Reports can be generated in HTML, Microsoft Word or PDF format. The product also comes with over 2,000 predefined report templates that help a business quickly demonstrate compliance with the regulatory standards applicable to it. The Analytics Engine allows sophisticated custom searching of the event archives, including search-within-search and customizable output formats.

Event Log Central

Event Log Central is EventTracker's secure web-based user interface, which exposes EventTracker's reporting and analytics capability in a web UI. It comes with multiple predefined roles, such as Help Desk, System Administrator and IT Manager, and the administrator can create custom roles. User authentication is integrated with Active Directory for single sign-on, and HTTPS is used as the transport between the browser client and the server.

EventTracker Knowledgebase

Simply collecting all the logs is only a start. To make full use of them, Prism has developed the EventTracker Knowledgebase, which is updated continually as new events are defined. The Knowledgebase is hosted by Prism Microsystems and provides detailed descriptions of what each event means. These definitions can be used when configuring rules, or as a convenient look-up for unfamiliar event types.