FAQ's
Q1. We want to configure EventTracker to help monitor syslog events from Unix machines. We've referred to the FAQ. We are unclear how to set up EventTracker manager to capture syslog events.
Q2. Is there a way to test if EventTracker is receiving SYSLOG messages from my Linux/Unix machine?
Q3. Is it possible to make the SYSLOG daemon on Unix/Linux boxes to send a keepalive/heartbeat (--MARK--) message every n minutes?
Q4. I have IT Audit Compliance to meet. I want to store events for a long period of time. Can EventTracker help me?
Q5. How do I use the licenses mentioned in EventTracker?
Q6. I downloaded the evaluation of EventTracker, and have a question about "Alarm forwarding". If I define some Alarm-definitions, and activate the SNMP Alarm forwarding, all Alarms are sent using the same Trap OID.

Can I configure multiple (different) Traps for each Alarm-definition?
Q7. Can we receive events from CISCO PIX firewall into EventTracker?
Q8. Why can't I run the EventTracker installation? I'm getting an error message saying "Windows cannot access the specified device, path, or file".
Q1. We want to configure EventTracker to help monitor syslog events from Unix machines. We've referred to the FAQ. We are unclear how to set up EventTracker manager to capture syslog events.

You DO NOT need to do any setting on the EventTracker manager to capture syslog events.

On installation, by default, the EventTracker manager listens on the standard syslog port, UDP 514. Any syslog message received on this port is recorded and shown on the Console. You do, however, have to configure your firewall or Unix system to forward its syslog messages to the EventTracker manager; that is the only configuration needed. If messages still do not arrive, check that no firewall between the sender and the manager is blocking UDP 514.


Q2. Is there a way to test if EventTracker is receiving SYSLOG messages from my Linux/Unix machine?

You can generate sample SYSLOG messages from a Linux/Unix machine with the logger command.

logger is a command-line application that sends messages to the system logger. In addition to being a good diagnostic tool, logger is especially useful for adding logging functionality to shell scripts.

Suppose you've just reconfigured syslog to send all daemon messages with priority "warn" to EventTracker. To test the new syslog.conf file, you'd first restart syslogd and klogd and then enter a command like the one below:

logger -p daemon.warn "This is only a test."

logger's syntax is simple. The -p parameter allows you to specify a facility.priority selector. Everything after this selector (and any other parameters or flags) is taken to be the message.

Sample script to send one message per severity level from the command prompt (the loop variable is $i in both places):
mylinuxbox:~# for i in {debug,info,notice,warning,err,crit,alert,emerg}
> do
> logger -p daemon.$i "Test daemon message, level $i"
> done
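The following script is an added example for Q1 and Q2 and is not part of EventTracker or the logger utility. It shows what `logger -p facility.priority` actually puts on the wire (the `<PRI>` header is facility*8 + severity, so daemon.warn becomes `<28>`), repeats the FAQ's per-severity loop, and adds a second path that sends the datagram straight to UDP 514 with bash's /dev/udp pseudo-device, which separates "the local syslogd is not forwarding" from "the network or a firewall is blocking the port". The manager address MANAGER_HOST, the host name and the timestamp in the comments are placeholders.

```shell
#!/bin/sh
# Added example (not EventTracker's own code): build and send an RFC 3164-style
# syslog test message to confirm that the manager is receiving on UDP 514.
# Assumptions: MANAGER_HOST is the EventTracker manager address (placeholder),
# and bash's /dev/udp pseudo-device is available for the raw send.

# Map a facility name to its syslog facility number.
facility_num() {
    case "$1" in
        kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
        auth) echo 4 ;; syslog) echo 5 ;; lpr) echo 6 ;; news) echo 7 ;;
        uucp) echo 8 ;; cron) echo 9 ;; authpriv) echo 10 ;; ftp) echo 11 ;;
        local[0-7]) echo $(( ${1#local} + 16 )) ;;
        *) return 1 ;;
    esac
}

# Map a severity name (the part after the dot in logger -p) to its number.
severity_num() {
    case "$1" in
        emerg|panic) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err|error) echo 3 ;;
        warning|warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# PRI is facility*8 + severity; e.g. daemon.warn -> 28. Fails on a bad selector.
syslog_pri() {
    sel="$1"
    f=$(facility_num "${sel%.*}") || return 1
    s=$(severity_num "${sel#*.}") || return 1
    echo $(( f * 8 + s ))
}

# Build the full datagram: "<PRI>TIMESTAMP HOST TAG: MSG".
# Args: selector, hostname, tag, message, timestamp ("Mmm dd hh:mm:ss", day space-padded).
build_syslog_line() {
    pri=$(syslog_pri "$1") || return 1
    printf '<%s>%s %s %s: %s' "$pri" "$5" "$2" "$3" "$4"
}

# Path 1: go through the local syslogd, as the FAQ's loop does. This only
# reaches the manager if syslog.conf forwards the daemon facility, e.g.
#     daemon.*    @MANAGER_HOST
send_with_logger() {
    for sev in debug info notice warning err crit alert emerg; do
        logger -p "daemon.$sev" "EventTracker test message, level $sev"
    done
}

# Path 2: bypass the local syslogd and send the datagram directly (bash only).
# If this arrives but Path 1 does not, the problem is the syslog.conf forwarding
# rule; if neither arrives, look at the network path or firewall on UDP 514.
send_raw_udp() {
    host="$1"; line="$2"
    printf '%s' "$line" > "/dev/udp/$host/514"
}
```

A quick manual check is to build one line with `build_syslog_line daemon.warn "$(hostname)" logger "This is only a test." "$(date '+%b %e %T')"` and hand it to `send_raw_udp MANAGER_HOST`, then watch the EventTracker Console for the message.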


Q3. Is it possible to make the SYSLOG daemon on Unix/Linux boxes to send a keepalive/heartbeat (--MARK--) message every n minutes?

Start the syslog daemon with the -m option, which sets the number of minutes between "mark" messages (timestamp-only messages). A value of 0 (default) signifies "no marks".

Example:

    /etc/init.d/syslog -m 1

This would cause a keepalive message every 1 minute.

This is useful for confirming that a machine is alive and healthy (and still able to reach the manager) during periods when it produces no regular SYSLOG messages.
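The heartbeat is only worth something if somebody notices when it stops. The script below is an added example, not an EventTracker feature: it reads syslog lines as the manager records them, keeps the newest "-- MARK --" per host, and reports any host whose last mark is older than the configured interval plus a slack allowance. The log lines are constructed, the host names are placeholders, and for portability the timestamps are compared as seconds since midnight, so it assumes all lines come from the same calendar day.

```shell
#!/bin/sh
# Added example, not part of EventTracker: detect Unix hosts whose
# "-- MARK --" heartbeat has stopped arriving. A silent host has either
# stopped logging or lost its path to the manager.
# Assumption: classic "Mmm dd hh:mm:ss host -- MARK --" lines from one
# calendar day; the sample below is constructed (syslogd started with -m 1).

SAMPLE_LOG='Jan  5 10:00:03 unixhost01 -- MARK --
Jan  5 10:00:05 unixhost02 -- MARK --
Jan  5 10:01:03 unixhost01 -- MARK --
Jan  5 10:01:05 unixhost02 -- MARK --
Jan  5 10:02:03 unixhost01 -- MARK --
Jan  5 10:02:09 unixhost01 sshd[412]: Accepted publickey for ops from 10.0.0.7
Jan  5 10:03:03 unixhost01 -- MARK --
Jan  5 10:04:03 unixhost01 -- MARK --'

# hh:mm:ss -> seconds since midnight.
to_seconds() {
    echo "$1" | awk -F: '{ print $1*3600 + $2*60 + $3 }'
}

# stale_hosts LOG NOW_HHMMSS INTERVAL_MIN [SLACK_SEC]
# Prints "host last_mark_time age_seconds" for every host whose newest MARK
# is older than INTERVAL_MIN*60 + SLACK_SEC (slack defaults to 30 s to absorb
# scheduling jitter); prints nothing when all heartbeats are current.
stale_hosts() {
    log="$1"; now=$(to_seconds "$2"); limit=$(( $3 * 60 + ${4:-30} ))
    printf '%s\n' "$log" | awk -v now="$now" -v limit="$limit" '
        # Fields: 1=month 2=day 3=time 4=host 5..7="-- MARK --"
        $5 == "--" && $6 == "MARK" && $7 == "--" {
            split($3, t, ":")
            ts = t[1]*3600 + t[2]*60 + t[3]
            if (ts > last[$4]) { last[$4] = ts; when[$4] = $3 }
        }
        END {
            for (h in last) {
                age = now - last[h]
                if (age > limit) printf "%s %s %d\n", h, when[h], age
            }
        }' | sort
}
```

Run against a live file with something like `stale_hosts "$(tail -n 5000 /var/log/messages)" "$(date +%T)" 1` from cron; a non-empty result is the alert condition. The same idea works for any periodic source, not just syslog marks.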


Q4. I have IT Audit Compliance to meet. I want to store events for a long period of time. Can EventTracker help me?

One of EventTracker's main strengths is its ability to store and analyse events for a long period of time.

Warehousing is a feature that can be turned on from the EventVault Manager. Once enabled, it automatically warehouses events older than a period you choose (for example, 7 days).

Once warehousing is turned on, you can use the Reports Console to give analysis and reports for a chosen time period.


Q5. How do I use the licenses mentioned in EventTracker?

The license includes all the necessary components including the Console. Install the Console first with the license and thereafter distribute the Agents (or Clients) from the Console.

The Install Guide at http://www.prismmicrosys.com/Support/docs.php is a useful resource.

Example - Your order details:

1. Edition Type : Protector
2. Quantity: [Workstations=50, Servers=2, Clusters=0, Devices=0, Consoles=1, Remote Viewer=0]
3. Supported platforms include NT, XP, 2000, 2003
4. Your Support Contract is valid through 2/1/2005
5. Information on upgrades and new releases will be sent via email to yourname@company.com

Install the latest version available at our web-site.

When prompted, enter the following information EXACTLY as shown below (the keys are case sensitive).

EventTracker v4.5 License Key:
Key 1: MM SHIP FRAMES
Key 2: ETW-S2W50
Serial #1:NDNBB90-7179-RJGNL-JENTM-11
Serial #2:YXYX4T2V-XYXY4383-3-73584

Once the Manager is installed, you can deploy the Clients, up to the number of licenses that have been purchased. Once this limit is reached, you will not be allowed to deploy more Clients and will need to contact sales@prismMicroSys.com to purchase additional licenses.


Q6. I downloaded the evaluation of EventTracker, and have a question about "Alarm forwarding". If I define some Alarm-definitions, and activate the SNMP Alarm forwarding, all Alarms are sent using the same Trap OID.

Can I configure multiple (different) Traps for each Alarm-definition?

The Alarm forwarding mechanism in EventTracker uses a single Trap OID so that alarms can be forwarded to other management frameworks in a consistent manner. However, you can use the custom action alerting mechanism to achieve your goal.

To do this:
- create an action to execute a custom script
- the script receives the event contents as individual parameters
- the script then formats these parameters into a customized trap and forwards it to the relevant system.

You will need to write the script yourself, though several such scripts are freely available and can be fine-tuned.
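As an added illustration of such a custom action (not a script supplied by EventTracker), the following shell script maps each alarm definition to its own notification OID and hands the event fields to net-snmp's snmptrap as varbinds. The order in which EventTracker passes the event fields is not stated on this page, so the script assumes alarm name, source host, event id and description, in that order; the alarm names, the NMS host and the enterprise OID prefix 1.3.6.1.4.1.99999 are placeholders. Because the fields come from log data that an attacker may influence, they are passed as quoted arguments and never re-evaluated by the shell, and the event id is checked to be numeric before it is sent as an INTEGER varbind.

```shell
#!/bin/sh
# Added example, not an EventTracker-supplied script: a custom action that
# turns the event fields passed as positional parameters into a per-alarm
# SNMP v2c trap via net-snmp's snmptrap.
# Assumed parameter order: ALARM_NAME SOURCE_HOST EVENT_ID DESCRIPTION.
# TRAP_DEST, COMMUNITY, ENTERPRISE and the alarm names are placeholders.

TRAP_DEST="${TRAP_DEST:-nms.example.invalid}"   # placeholder NMS address
COMMUNITY="${COMMUNITY:-public}"                 # placeholder community string
ENTERPRISE="1.3.6.1.4.1.99999"                   # placeholder enterprise OID

# One distinct notification OID per alarm definition (assumed alarm names).
trap_oid_for_alarm() {
    case "$1" in
        "Failed Logon")     echo "$ENTERPRISE.1.1" ;;
        "Service Stopped")  echo "$ENTERPRISE.1.2" ;;
        "Firewall Denied")  echo "$ENTERPRISE.1.3" ;;
        *)                  echo "$ENTERPRISE.1.0" ;;   # generic/unknown alarm
    esac
}

# emit_trap CMD ALARM_NAME SOURCE_HOST EVENT_ID DESCRIPTION
# Invokes CMD with the complete snmptrap argument vector. CMD is "snmptrap"
# for a real send or one_per_line for a dry run. Every event field travels
# as one quoted argument, so text such as "; $(id)" inside a description
# stays inert data instead of becoming shell syntax.
emit_trap() {
    cmd="$1"; alarm="$2"; src="$3"; eid="$4"; desc="$5"
    case "$eid" in
        ''|*[!0-9]*) return 1 ;;   # reject anything but a plain integer
    esac
    oid=$(trap_oid_for_alarm "$alarm")
    # snmptrap -v 2c -c COMMUNITY HOST UPTIME TRAP-OID [OID TYPE VALUE]...
    # An empty UPTIME lets snmptrap fill in the agent's current sysUpTime.
    "$cmd" -v 2c -c "$COMMUNITY" "$TRAP_DEST" '' "$oid" \
        "$ENTERPRISE.2.1" s "$alarm" \
        "$ENTERPRISE.2.2" s "$src" \
        "$ENTERPRISE.2.3" i "$eid" \
        "$ENTERPRISE.2.4" s "$desc"
}

# Dry-run helper: prints the argument vector one item per line.
one_per_line() { printf '%s\n' "$@"; }

# send_trap ALARM_NAME SOURCE_HOST EVENT_ID DESCRIPTION : the real action.
send_trap() { emit_trap snmptrap "$@"; }

# show_trap ALARM_NAME SOURCE_HOST EVENT_ID DESCRIPTION : inspect without sending.
show_trap() { emit_trap one_per_line "$@"; }
```

Configure the custom action to call `send_trap` (via a small wrapper that sources this file) with the event fields; use `show_trap` first to confirm the varbinds look right on a dry run. The NMS side then keys its handling on the notification OID, which is exactly what a single shared Trap OID cannot offer.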


Q7. Can we receive events from CISCO PIX firewall into EventTracker?

Yes. EventTracker is designed to receive SYSLOG events as well as SNMP traps from the Cisco PIX firewall. The PIX Firewall can send syslog messages to the EventTracker console. You can also further customize events, send an alert, or generate an appropriate report using the extended framework provided by EventTracker. EventTracker also contains special categories (a knowledge pack) for managing PIX events.

Three steps to send Syslog Messages to an EventTracker Console

1. Configure syslogd to send syslog messages to EventTracker (the Configuration Guide for the Cisco Secure PIX Firewall Version describes the procedure for configuring syslogd):

    logging host EventTracker 192.168.1.1

2. Set the logging level with the logging trap command; for example:

    logging trap errors

3. Start sending messages with the logging on command. To disable sending messages, use the no logging on command.


Q8. Why can't I run the EventTracker installation? I'm getting an error message saying "Windows cannot access the specified device, path, or file".

If you are running Windows 2003 R1 or Windows 2003 R2 SP2 you must follow these steps to run the EventTracker installation. When you copy a file on these operating systems, a minor security precaution is applied (the downloaded file is blocked), and it can be fixed very easily.

  1. Right click the .exe file and choose Properties.
  2. Under Properties choose the General tab.
  3. At the bottom right of the window you will see Unblock, click the Unblock button.
  4. Choose Apply at the bottom of the window.
  5. Choose OK.

This should resolve the issue. After these steps have been taken you can run the EventTracker installation.

8815 Centre Park Dr.  •  Columbia MD 21045  •  877.333.1433