Log Management Features

Collection

Effective log management begins with a dependable collection layer that automates collection of all event logs. EventTracker provides an integrated collection layer featuring a highly flexible agent-optional architecture and built-in syslog, syslog-ng and SNMP receivers. The collection layer supports both UDP and TCP transport, and encrypted, guaranteed delivery of events.

EventTracker collects event data from a wide variety of sources. For systems that do not support real-time event forwarding, such as Windows, EventTracker provides full-featured, robust agents. Alternatively, if deploying an agent is not desirable, these systems can be polled and the logs retrieved on a periodic basis. As EventTracker contains a syslog and syslog-ng receiver, no agent is required for UNIX, Linux and most network devices. The EventTracker Console also includes an SNMP v1/v2 receiver and full MIB compiler to support SNMP devices. A rich set of MIBs comes precompiled with the product. This combination gives the user the ability to monitor events throughout their environment, including servers, workstations, network devices, applications, processes, and services. EventTracker contains built-in support for hundreds of devices and applications, and new devices and custom applications can easily be added.

See a full list of supported devices and manufacturers.

Agent Optional Architecture
The EventTracker Agent is a configurable, high-performance, tiny-footprint executable that can be rapidly installed, configured and managed from the EventTracker Console. High-performance agents support up to 7000 events per minute per system on a sustained basis. Filtering rules can be put in place in the agent to collect only the events you are interested in. Each agent can send events to up to 5 different EventTracker Consoles. EventTracker Agents also go well beyond simple monitoring of the event log and support advanced monitoring of applications, log files, Web pages, etc.

For a complete description of advanced monitoring in the agents click here.

Guaranteed, Encrypted Transmission of Events

By default, EventTracker receives events on the EventTracker Console via UDP to minimize impact on the network. For customers requiring guaranteed delivery, however, the transport can be set to TCP from the agents to the console, or to syslog-ng (also TCP) in the case of UNIX and Linux systems. Console-to-Console communication can also be configured to be encrypted and guaranteed, enabling geographically dispersed locations to roll up to a single Collection Point and then transmit log data to a central console over the internet without fear of compromising security.

Collection Points

Collection Points are a key architectural feature in EventTracker that provide a company with unparalleled flexibility in how event logs are managed in real time and how they are stored for reporting and compliance purposes. Simply put, a Collection Point is a place where logs are collected and stored. A Collection Point can range from as little as a place where event logs are staged on a temporary basis before periodic transmission to a Collection Master, to a full EventTracker Console providing complete functionality including real-time alerting and correlation. As EventTracker is a 100% software solution, Collection Points can be easily set up on any standard Windows machine, and sophisticated log roll-up rules can be configured on a real-time, time or volume basis.

Collection Points are often used by geographically dispersed or independent IT organizations to locally manage the resources they are responsible for, and at the same time support compliance requirements on an enterprise level. They enable fine-grained control over which logs go where and when, to minimize resource usage of the log management system.
