
How It Works - Collection

Effective log management begins with a dependable collection layer that automates the collection of event logs throughout the enterprise.

EventTracker provides an integrated collection layer that supports logging in depth by gathering event logs from across the enterprise: servers, workstations, network devices, applications, processes and services. Key features of the collection layer include:

Centralized Agent Configuration

Windows Agent

EventTracker’s Windows Agent provides advanced functionality that goes well beyond monitoring the event log.

  • Change auditing & file integrity monitoring for file system and registry
  • Performance monitoring
  • Advanced USB monitoring
  • Custom log file monitoring
  • Software installs and uninstalls


The Windows Agent is a configurable, high-performance, small-footprint executable that can be rapidly installed, configured and managed from the EventTracker Console:

  • Sustained throughput of up to 7000 events per minute per system
  • Filtering rules applied in the agent itself, so only the events you are interested in are collected and sent
  • Each agent can send events to up to 5 different EventTracker Collection Points

Legacy Platform Agents

  • z/OS
  • iSeries
  • Solaris with BSM (C2-level) auditing

Syslog and syslog-ng

  • EventTracker includes a syslog and syslog-ng receiver
  • No agent is required for UNIX, Linux and most network devices
  • Simply configure the system to forward its syslog messages to the Collection Point

SNMP

  • An SNMP v1/v2 receiver and a full MIB compiler are provided to support SNMP devices.
  • A rich set of MIBs comes precompiled with the product.

Any Flat File Event Log

  • EventTracker provides a high-performance direct log archiver that can batch-process logs in any text format directly into the event archives.

Guaranteed, Encrypted Transmission of Events

  • By default, EventTracker receives events at the Collection Point over UDP to minimize network overhead. UDP offers no delivery guarantee: a datagram lost on the network or dropped by an overrun receive buffer is never retransmitted, so events can silently go missing during bursts.
  • For guaranteed delivery, configure the agents to send to the console over TCP, or, for UNIX and Linux systems, use syslog-ng over TCP. TCP provides delivery guarantees, not confidentiality.
  • Collection Point to Collection Point communication can also be configured to be both encrypted and guaranteed, so geographically dispersed sites can roll up to a local Collection Point and then forward log data to a central console over the internet without exposing it in transit.
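As a worked configuration for the syslog forwarding described under "Syslog and syslog-ng" (UNIX/Linux systems sending to a Collection Point without an agent) and for the UDP-versus-TCP transport choice above, the following syslog-ng configuration is an added example; it is not EventTracker's own documentation. The Collection Point hostname collector.example.com, the port 514 and the buffer sizes are assumptions; substitute the values your Collection Point actually listens on.

```conf
@version: 3.38
@include "scl.conf"

# Local sources on the forwarding host (Linux; system() picks /dev/log, journald
# or the kernel ring buffer as appropriate for the platform).
source s_local {
    system();
    internal();
};

# Transport 1: plain UDP, the Collection Point's default.
# Cheapest on the wire, but there is no acknowledgement: a datagram lost in the
# network or dropped by an overrun receive buffer is gone and nothing retries it.
destination d_collection_point_udp {
    network("collector.example.com"        # assumed Collection Point hostname
            port(514)                      # assumed listening port
            transport("udp"));
};

# Transport 2: TCP, for guaranteed delivery.
# The sender sees a broken connection, and syslog-ng queues messages while the
# Collection Point is unreachable instead of dropping them. disk-buffer() lets
# that queue survive a syslog-ng restart; the sizes below are assumptions.
destination d_collection_point_tcp {
    network("collector.example.com"
            port(514)
            transport("tcp")
            disk-buffer(
                disk-buf-size(104857600)   # 100 MiB on disk
                mem-buf-size(10485760)     # 10 MiB held in memory before spilling to disk
                reliable(yes)
            ));
};

# Send everything to the TCP destination. Swap in d_collection_point_udp only
# where occasional loss during bursts is acceptable.
log {
    source(s_local);
    destination(d_collection_point_tcp);
};
```

The same two choices in classic rsyslog syntax are `*.* @collector.example.com:514` (UDP, single @) and `*.* @@collector.example.com:514` (TCP, double @). Plain TCP closes the loss gap but does not encrypt the stream; this page describes encryption only for Collection Point to Collection Point links, so treat the syslog hop from the host to the Collection Point as cleartext unless you confirm otherwise.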