The purpose of this paper is to highlight the major advantages of employing EventTracker to consolidate, correlate, and manage event log data. The paper introduces at a high level the major design concepts that enable EventTracker to process, store and allow users to gain actionable intelligence from the millions of events that the devices in an organization's IT infrastructure generate each day.
Event data contains a wealth of valuable information for IT controls and compliance, and in many cases company directives require that event information be retained for multiple years. Collecting and storing event logs presents significant challenges, however. Each device type has its own unique events, and event logs are voluminous. A single Windows server can generate over 100,000 events per day. When the auditing feature is in use, Windows servers, like UNIX systems, firewalls and Solaris BSM, can generate over a million events per day. As a result, even a relatively modest-sized organization can easily generate well over 20 million events each day. EventTracker was designed to automate the efficient collection, storage and analysis of these events.