Features

Complete Windows Event Monitoring

MonitorWare Agent automatically monitors Windows Event Logs. All Event Logs including the Windows 2000 specific extensions are fully processed.

Monitors Text Files

Any application-generated log file can be monitored. For example, IIS log files can be forwarded to a syslog daemon or consolidated into a central repository. Also, known attacks can be detected by matching web requests against well-known attack patterns, and alerts can be generated (with the help of a custom rule base).

Other uses include DHCP logs or Oracle log files – there is a vast number of applications writing status into text files and all of these files can be accessed and for example forwarded to a syslog server.

Active Network Probes

Ping and Port Probe services allow monitoring of both local and remote systems and services. These services are not restricted to Windows machines – virtually any existing service can be used with these probes. Good examples are Linux-based web and mail servers or firewalls. Our probes do not restrict you to a particular OS – even if you have a server running on a mainframe, MonitorWare can check its operational state.

Failing systems and services are detected and alerts are generated.

Windows Service Monitor and Disk Space Monitor Services

The Windows service monitor and disk space monitor services check the local machine. Failing services and low disk space are quickly detected and can be used to trigger notifications or even corrective actions before problems arise.

CPU Monitor/Memory Monitor

The Windows CPU/Memory Monitor checks the load of both CPU and Memory. A high load can be quickly detected and can be used to trigger notifications or even corrective actions before problems arise.

Handling for low-memory cases

MWAgent allocates some emergency memory on startup. If the system memory limit is reached, it releases the emergency memory and locks the queue. This does not mean that more items can be queued. It prevents a crash of the Agent and the queue is still being processed. Many other positions in the code have been hardened against out-of-memory scenarios.
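The pattern described above, modelled as an added example. This is not MonitorWare Agent's code: the byte budget standing in for system memory, the SCRATCH working-memory size and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>

#define SCRATCH 64                  /* assumed working memory one action needs */
static size_t budget_left;          /* constructed stand-in for free system memory */

static void *budget_alloc(size_t n) {
    void *p = n <= budget_left ? malloc(n) : NULL;   /* NULL = simulated OOM */
    if (p) budget_left -= n;
    return p;
}
static void budget_free(void *p, size_t n) { free(p); budget_left += n; }

typedef struct item { struct item *next; int id; } item;
/* reserve: emergency memory taken at startup; locked: set once the limit is hit */
typedef struct { item *head, *tail; void *reserve; size_t reserve_size; bool locked; } queue;

bool queue_init(queue *q, size_t budget, size_t reserve_size) {
    budget_left = budget;
    *q = (queue){ .reserve_size = reserve_size };
    q->reserve = budget_alloc(reserve_size);
    return q->reserve != NULL;
}

/* Returns false when the item is refused: queue locked or memory limit reached. */
bool queue_push(queue *q, int id) {
    if (q->locked) return false;
    item *it = budget_alloc(sizeof *it);
    if (!it) {                      /* limit reached: release reserve, lock queue */
        budget_free(q->reserve, q->reserve_size);
        q->reserve = NULL; q->locked = true;
        return false;
    }
    it->id = id; it->next = NULL;
    if (q->tail) q->tail->next = it; else q->head = it;
    q->tail = it;
    return true;
}

/* Processes one item: -1 if the queue is empty, -2 if no working memory is left. */
int queue_pop(queue *q) {
    item *it = q->head;
    if (!it) return -1;
    void *scratch = budget_alloc(SCRATCH);
    if (!scratch) return -2;        /* processing stalls without the released reserve */
    int id = it->id;
    q->head = it->next;
    if (!q->head) q->tail = NULL;
    budget_free(it, sizeof *it); budget_free(scratch, SCRATCH);
    return id;
}
```

In this model the queue stays locked after the limit is hit; the page does not say when or whether the real agent unlocks it.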

File Monitor

The file monitor monitors the content of a text file just as the event monitor monitors the NT event log. Its purpose is to gather vital information that is stored in system text files. Many applications do not write events to the event log but to a text file. This is also the case with many Microsoft applications (for example the WINS log). The file monitor can also gather Internet Information Server (Windows’ web server) log files. This is very useful for monitoring web activity and detecting attacks.

External Events

Events are accepted via a standard Syslog server and hence all of the Syslog-enabled devices can be included in the MonitorWare system. This includes popular devices like routers and switches as well as printers and a large number of UNIX / Linux based systems and applications. Virtually all currently existing network devices support Syslog – so MonitorWare Agent can monitor all of them.

To reach an even broader device range, MonitorWare Agent supports not only standard-compatible Syslog but also popular extensions like Syslog over.

Post Process Event

The post process action allows you to re-parse a message after it has been processed, e.g. in Tab Delimited format. Such re-parsing is useful if you either have a non-standard syslog format or would like to extract specific properties from the message.

Scalability

The MonitorWare system is modular and highly scalable. If a single server is to be monitored, MonitorWare Agent can provide all monitoring and alerting needs. However, multiple MonitorWare Agents in a complex, hierarchical network can talk to each other and provide both local and central alerting and event archiving.

Event Archiving

All incoming events – no matter what source they came from – can be stored persistently. Options include archiving in databases as well as log files.

Alerting

Different features can be used to alert upon receiving certain information and even to start countermeasures automatically.

Alerts can be sent via email or syslog. As most pagers are accessible via email, this interface can also be used to trigger pager notifications.

Start Program

With this, an external program can be run. Any valid Windows executable can be run. This includes actual programs (EXE files) as well as scripts like batch files (.BAT) or VB scripts (.vbs). Start Program can, for example, be combined with the service monitor to restart failed services.

Powerful Event Processing

MonitorWare Agent's powerful and flexible rule engine processes all events based on a configured set of actions. An unlimited number of rules and actions allows tailoring to specific needs.

Zero-Impact Monitoring

MonitorWare Agent has no noticeable impact on system resources. It is specifically written with minimal resource usage in mind. In typical scenarios, its footprint is barely traceable. This ensures it can also be installed on heavily loaded servers.

Robustness

MonitorWare Agent is written to perform robustly even under unusual circumstances. The reliability of the product has been proven since 1996.

Ease of Use

MonitorWare Agent is easy to install and configure. Comprehensive step-by-step guides and wizards help administrators with setting up even complex systems.

Firewall Support

Does your security policy require you to use non-standard ports? MonitorWare Agent can be configured to listen on any TCP/IP port for Syslog messages.

Syslog Support

Windows Event Messages can be forwarded using the standard Syslog protocol. Windows severity classes are mapped to the corresponding Syslog classes. Codes are fully supported.

Send Syslog Test Message

The MonitorWare Agent client comes with “Send Syslog Test Message”. This option enables you to check whether Syslog messages are being sent properly to the destination.

SETP Support

Windows Event Messages can be forwarded using Adiscon's proprietary SETP protocol. Windows Event Logs are monitored successfully as well.

SNMP Trap Receiver

SNMP Trap Receiver allows receiving SNMP messages.

SNMP Monitor

SNMP Monitor can be used to query and monitor SNMP-enabled devices. Many devices support SNMP and can be queried for information by SNMP GET. These can be printers, routers, managed switches, Linux / Windows servers and so on.

FTP Probe

It connects to the FTP server and on receiving the response it sends the QUIT command to terminate the connection. It saves the connection status and response replies.

HTTP Probe

It connects to an HTTP server, receives the response and sends the QUIT command to terminate the connection. The connection status and response are saved. It also has some additional configurable properties such as URL and QueryString, Request Type, Use Secure HTTPs Protocol, Referer and User Agent.

IMAP Probe

It connects to an IMAP server, receives the response and sends the QUIT command to terminate the connection. The connection status and response are saved.

NNTP Probe

It connects to an NNTP (Usenet) server, receives the response and sends the QUIT command to terminate the connection. The connection status and response are saved.

POP3 Probe

It connects to a POP3 (Usenet) server, receives the response and sends the QUIT command to terminate the connection. The connection status and response are saved.

SMTP Probe

It connects to an SMTP (Usenet) server and sends the HELLO command that is automatically constructed by MonitorWare Agent on startup using the fully qualified DNS name. The SMTP probe then receives the response and sends the QUIT command to terminate the connection. The connection status and response are saved.

IPv6

Support for IPv6 is available in all network-related facilities of the engine. All network-related actions will automatically detect IPv6 and IPv4 target addresses if configured. You can also use DNS resolution to resolve valid IPv6 addresses. Network-related Services can use either IPv4 or IPv6 as internet protocol. In order to support both protocols, you will need to create two services. The only exception is the RELP Listener, which uses IPv4 and IPv6 automatically if available.

Runs on a large Variety of Windows Systems

Windows 2019/2016/2012/10/8/2008(R2)/7/Vista/2008/2003/2003(R2)/XP/2000; Workstation or Server – MonitorWare Agent runs on all of them.

Support for Windows 2000 and other EOL operating systems is only partially available. Only a minimal service installation may be possible. More details: Information for a Mass Rollout

We also have Compaq (Digital) ALPHA processor versions on platforms supporting this processor (engine only, available on request).

Multi-Language Client

Out of the box, MonitorWare Agent supports English, Japanese, and German. Language settings are user-specific, so multiple users on the same machine can use different languages.

Friendly and Customizable User Interface

The Cloning feature added to MonitorWare Agent Client helps to clone a Ruleset, a Rule, an Action, or a Service with one mouse click. It includes a Move up and Move down function for Actions in the MonitorWare Agent Client.

Multiple RuleSets - Rules - Actions

With MonitorWare Agent, as many “RuleSets”, “Rules” and “Actions” as necessary can be defined.

Multithreaded Queue Engine

The Action processing engine is multithreaded, which means that the overall processing performance will increase in larger environments and MWAgent will benefit from SMP machines.