Step by Step Guides

How to setup MonitorWare Agent to monitor NetApp devices using backup *.evt files

This article describes how to use MonitorWare Agent to monitor NetApp devices using the backup .evt files. In this guide we describe how to set up the service. For creating the actions, please refer to our other guides. There are basically two methods to monitor logs of NetApp devices. The first, described here, is to … Continue reading "How to setup MonitorWare Agent to monitor NetApp devices using backup *.evt files"...

How to setup MonitorWare Agent to monitor NetApp devices using Eventlog API

This article describes how to use MonitorWare Agent to monitor NetApp devices using the Eventlog API. In this guide we describe how to set up the service. For creating the actions, please refer to our other guides. There are basically two methods to monitor logs of NetApp devices. The first, described here, is to monitor … Continue reading "How to setup MonitorWare Agent to monitor NetApp devices using Eventlog API"...

How to perform a mass rollout?

How to perform a mass rollout? Last Update 2013-01-02 by Florian Riedl A mass rollout in the scope of this topic is any case where the product is rolled out to more than 5 to 10 machines and this rollout is to be automated. This is described first in this article. A special case may … Continue reading "How to perform a mass rollout?"...

How you transfer full licenses to another device

This Article describes how you transfer full licenses to another device. Article created 2011-09-08 by Tim Eifler. This Article describes how you transfer full licenses to another device. The Article is applicable to all versions of EventReporter, MonitorWare Agent and WinSyslog. 1. Start the application. 2. Export the Settings to an XML file. Left-click on … Continue reading "How you transfer full licenses to another device"...

Database Logging with MSSQL

Step-By-Step Guides Article created 2004-09-14 by Timm Herget. Last Updated 2011-07-27 by Florian Riedl. Database Logging with MSSQL This is a very quick step-by-step guide. It essentially is a step in multiple configurations. You can refer to this guide whenever you need to add database logging to one of your services. Though we need to … Continue reading "Database Logging with MSSQL"...

Creating a simple Syslog Server

Last updated 2016-08-26 by Jan Gerhards, using Winsyslog 13.2. In this scenario, a simple Syslog server will be created. No other services are configured. The Syslog server will operate as a standard Syslog server on the default port of 514/UDP. All incoming data will be written to a single text file. Step 1 – Defining a … Continue reading "Creating a simple Syslog Server"...

Centralized logging in a hybrid environment (Windows/Linux)

Centralized logging in a hybrid environment (Windows/Linux) Created 2011-03-11 by Florian Riedl This article will describe how to setup centralized logging in a hybrid environment. Basically, we will have various major steps, that show different configuration of several clients, which forward their log data to a central loghost. There, everything will be stored into a … Continue reading "Centralized logging in a hybrid environment (Windows/Linux)"...

MonitorWare Agent sending to the Microsoft Message Queue

Created 2011-02-03 by Florian Riedl With version 8.0 of MonitorWare Agent we introduced a new action called “Send MSQueue”. This action allows MonitorWare Agent Professional and Enterprise to forward the received messages to the Microsoft Message Queue. This action is also available in EventReporter Professional (v12.0) and WinSyslog Professional and Enterprise (v11.0). To get this … Continue reading "MonitorWare Agent sending to the Microsoft Message Queue"...

Monitoring DHCP Logfiles

Monitoring Windows 2003 DHCP Server Logfiles via syslog Created 2007-10-10 by Florian Riedl Information for the usage of this guide. This guide will give you the hints to create a configuration to monitor Windows 2003 DHCP server logs as well as forward all log data to a syslog server. To make things easier, the guide … Continue reading "Monitoring DHCP Logfiles"...

A complete step by step guide on setting up centralized Windows event monitoring. It contains screenshots of all important dialogs as well as links to the necessary free downloads.

How To setup Windows centralized Monitoring Article created 2003-11-24 by Wajih-ur Rehman. Article updated 2004-04-22 by Tamsila-Q-Siddique. Monitoring Windows NT/2000/XP/2003 is important even for small environments. This article is strictly task focused. It does not describe why the systems should be monitored nor does it provide any further background. Please see the respective backgrounders or … Continue reading "A complete step by step guide on setting up centralized Windows event monitoring. It contains screenshots of all important dialogs as well as links to the necessary free downloads."...

Centralized Event Reports with MoniLog

Step-By-Step Guides Article created 2003-05-08 by Rainer Gerhards. Centralized Event Reports with MoniLog In this step-by-step guide, MonitorWare Agent is configured to work together with Adiscon’s MoniLog to automatically generate event summaries for the monitored servers and other devices. This guide focuses on a typical small to medium business topography with a single geographical location … Continue reading "Centralized Event Reports with MoniLog"...

How To setup SETP Server Service

Last updated 2016-09-01 by Jan Gerhards, using Winsyslog 13.2. 1. First, right click on “Services”, then select “Add Service” and the “SETP Server”. 2. Now you will see a newly created service called “SETP Server” in the tree view. This will be selected by default after creating the service. 3. The service will be created using … Continue reading "How To setup SETP Server Service"...

Common uses

Article created 2003-05-14 by Rainer Gerhards. Updated 2004-06-21 by Tamsila-Q-Siddique. Analysis If you are interested in receiving a consolidated view of your overall system state and activity, you are probably interested in the analysis features of the MonitorWare system. Please note that this chapter is currently being expanded. As such, the examples and uses given … Continue reading "Common uses"...

How to perform a mass update rollout?

How to perform a mass update rollout? Created 2008-10-10 by Florian Riedl A mass rollout in the scope of this topic is any case where the product is rolled out to more than 5 to 10 machines and this rollout is to be automated. This is described in detail in the Article How to perform … Continue reading "How to perform a mass update rollout?"...

Store IIS Logfiles into a Database

Store IIS Logfiles into a Database Created 2008-10-06 by Florian Riedl For storing IIS logs into a database you need MWAgent. With the help of this guide, we will show you, how to create a proper configuration for storing IIS logs into a given database structure. The main goal of this guide is to achieve, … Continue reading "Store IIS Logfiles into a Database"...

Database Formats

Database Formats The samples here implement the MonitorWare Common Database Format in widely used database systems. Attention Sybase users: the “Message” name is reserved in your database system and cannot be used as a field name. It needs to be changed, otherwise the table create will fail. Be sure to also change it in to … Continue reading "Database Formats"...

Forwarding NT Event Logs to an SETP Server

Step-By-Step Guides Article created 2003-04-30 by Rainer Gerhards. Last Updated 2008-02-04 by Florian Riedl. Forwarding NT Event Logs to an SETP Server In this scenario, an event log monitor is used to forward all events written to the NT Event Log to a SETP server. This is another instance of the MonitorWare Agent, typically running … Continue reading "Forwarding NT Event Logs to an SETP Server"...

How To setup PIX centralized Monitoring with MonitorWare Console 3.x

How To setup PIX centralized Monitoring with MonitorWare Console 3.x Article created 2005-05-17 by Hamid Ali Raja Last Updated 2011-05-24 by Tom Bergfeld Adiscon Products can be used to efficiently analyze PIX traffic as well. This article is strictly task focused. It does not describe why the systems should be monitored nor does it provide … Continue reading "How To setup PIX centralized Monitoring with MonitorWare Console 3.x"...

How To setup Windows centralized Monitoring

How To setup Windows centralized Monitoring Article created 2007-10-26 by Florian Riedl Article updated 2011-05-23 by Tom Bergfeld Please Note: This article is valid for EventReporter, WinSyslog and MonitorWare Agent in addition to MonitorWare Console! Windows systems monitoring is really important for all small to large sized environments. The MonitorWare line of products helps to … Continue reading "How To setup Windows centralized Monitoring"...

How To Monitor Windows machines and Syslog devices?

How To Monitor Windows machines and Syslog devices? Article created 2007-06-15 by Florian Riedl Article updated 2011-06-15 by Tom Bergfeld Info: Please note that this article was written for older versions of MonitorWare products. But of course you can also use this guide for the current versions. In newer versions you may find some … Continue reading "How To Monitor Windows machines and Syslog devices?"...

How To Enter the License Information

How To Enter the License Information Article created 2007-06-13 by Florian Riedl This article describes how to enter the license information you received via mail by buying one of our products. The Article is applicable to EventReporter, MonitorWare Agent and WinSyslog and other products...

How To Export the Configuration and Create a Debug Log File

How To Export the Configuration and Create a Debug Log File Article created 2017-11-15 by Pascal Withopf This article describes how you can export the configuration of your program and create a debug file. These are needed for troubleshooting. The Article is applicable to EventReporter, MonitorWare Agent and WinSyslog. How to Export the Configuration … Continue reading "How To Export the Configuration and Create a Debug Log File"...

How To Configure a Syslog Server

How To Configure a Syslog Server Article created 2007-06-04 by Florian Riedl...

How To setup a Start Program Action

How To setup a Start Program Action Article created 2007-04-12 by Florian Riedl. 1. First we define a new rule set. Right-click “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows: 2. Then, a wizard starts. Change the name of the rule to whatever … Continue reading "How To setup a Start Program Action"...

How To setup EventLogMonitor V2 Service

How To setup EventLogMonitor V2 Service Article created 2007-04-10 by Florian Riedl Article updated 2011-05-25 by Tom Bergfeld. Please note: Starting with EventReporter 8.3 and MonitorWare Agent 4.3 two different event log monitor services are provided. They are called “Event Log Monitor” (V1) and “Event Log Monitor V2”. In short, the V2 version is recommended … Continue reading "How To setup EventLogMonitor V2 Service"...

How To setup a Control NT Service Action

How To setup a Control NT Service Action Article created 2007-04-05 by Florian Riedl. 1. First we define a new rule set. Right-click “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows: 2. Then, a wizard starts. Change the name of the rule to … Continue reading "How To setup a Control NT Service Action"...

How To setup a Set Status Action

How To setup a Set Status Action Article created 2007-04-05 by Florian Riedl. 1. First we define a new rule set. Right-click “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows: 2. Then, a wizard starts. Change the name of the rule to whatever … Continue reading "How To setup a Set Status Action"...

How To setup a Set Property Action

How To setup a Set Property Action Article created 2007-04-05 by Florian Riedl. 1. First we define a new rule set. Right-click “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows: 2. Then, a wizard starts. Change the name of the rule to whatever … Continue reading "How To setup a Set Property Action"...

How To setup NT Service Monitor Service

How To setup NT Service Monitor Service Article created 2007-04-05 by Florian Riedl. This service helps you keep track of your running services. At several time intervals it checks whether all services that are in the automatic start state are running. If not, an Event is generated and passed to the rule engine for … Continue reading "How To setup NT Service Monitor Service"...

Monitoring MS ISA Firewall Logfiles via syslog

Monitoring MS ISA Firewall Logfiles via syslog Created 2007-04-02 by Florian Riedl Information for the usage of this guide. This guide will give you the hints to create a configuration to monitor ISA server logs as well as forward all log data to a syslog server. To make things easier, the guide is split up … Continue reading "Monitoring MS ISA Firewall Logfiles via syslog"...

How To setup a Forward via Syslog Action

How To setup a Forward via Syslog Action Article created 2007-02-15 by Florian Riedl. 1. First we define a new rule set. Right-click “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows: 2. Then, a wizard starts. Change the name of the rule to … Continue reading "How To setup a Forward via Syslog Action"...

Creating a Rule Set for Database Logging

Step-By-Step Guides Article created 2005-04-05 by Hamid Ali Raja. Last Updated 2007-01-16 by Florian Riedl. Creating a Rule Set for Database Logging This is a very quick step-by-step guide. It essentially is a step in multiple configurations. You can refer to this guide whenever you need to add database logging to one of your services. … Continue reading "Creating a Rule Set for Database Logging"...

How To setup a File Logging Action

How To setup a File Logging Action Article created 2007-01-16 by Florian Riedl. Please note: This Step By Step Guide works for EventReporter, MonitorWare Agent and WinSyslog. 1. Start the Client. Then define a new rule set, right click “RuleSets”. A popup menu will appear. Select “Add Rule Set” from this menu. On screen, it … Continue reading "How To setup a File Logging Action"...

How To setup an Send Mail Action

How To setup an Send Mail Action Article created 2006-12-22 by Florian Riedl. 1. First we define a new rule set. Right-click “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows: 2. Then, a wizard starts. Change the name of the rule to whatever … Continue reading "How To setup an Send Mail Action"...

How To setup an SETP Action

How To setup an SETP Action Article created 2005-04-21 by Hamid Ali Raja. Last Updated 2006-12-21 by Florian Riedl. 1. First we have to define a new rule set, right click on “Rules”. A pop up menu will appear. Select “Add Rule Set” from this menu. On screen, it looks as follows: 2. Then, a … Continue reading "How To setup an SETP Action"...

How To setup File Monitor Service

How To setup File Monitor Service Article created 2006-12-21 by Florian Riedl. 1. First, right click on “Services”, then select “Add Service” and the “File Monitor”. Once you have done so, a new wizard starts. 2. Again, you can use either the default name or any one you like. We will use “My FileMonitor” in … Continue reading "How To setup File Monitor Service"...

How To setup FileMonitor Service

How To setup File Monitor Service Article created 2006-12-21 by Florian Riedl. 1. First, right click on “Services”, then select “Add Service” and the “File Monitor”. Once you have done so, a new wizard starts. 2. Again, you can use either the default name or any one you like. We will use “My FileMonitor” in … Continue reading "How To setup FileMonitor Service"...

Guide For Applying Filters in MonitorWare Agent, WinSyslog and EventReporter – MonitorWare Agent

How do I apply filters in MonitorWare Agent 4.0? Article created 2006-06-19 by Timm Herget. MonitorWare Agent enables you to apply filters to achieve your desired results. This step-by-step guide helps you through creating these filters. You can: Add a filter Update a filter Delete a filter...

Database Logging with MSSQL in MonitorWare Agent 4.0

Step-By-Step Guides Article updated 2006-06-19 by Timm Herget. Database Logging with MSSQL in MonitorWare Agent 4.0 This guide helps you to add database logging to any of your services available in MonitorWare Agent 4.0. Microsoft SQL Enterprise Manager 1. To create a new Database, open up the Microsoft SQL Enterprise Manager. 2. Right-click on “Databases” … Continue reading "Database Logging with MSSQL in MonitorWare Agent 4.0"...

How To setup Windows centralized Monitoring

How To setup Windows centralized Monitoring Article created 2006-02-13 by Timm Herget Article updated 2006-06-19 by Timm Herget. Please Note: This article is valid for EventReporter 8.x and lower, WinSyslog 7.x and lower and MonitorWare Agent 4.x and lower in addition to MonitorWare Console 2.1 ! Windows NT/2000/XP/2003 systems monitoring is really important for all … Continue reading "How To setup Windows centralized Monitoring"...

How To setup PIX centralized Monitoring

How To setup PIX centralized Monitoring Article created 2005-05-17 by Hamid Ali Raja Last Updated 2006-06-19 by Timm Herget. Adiscon Products can be used to efficiently analyze PIX traffic as well. This article is strictly task focused. It does not describe why the systems should be monitored nor does it provide any further background. Please … Continue reading "How To setup PIX centralized Monitoring"...

Forwarding filtered IIS Logfiles

Forwarding filtered IIS Logfiles Created 2006-04-19 by Timm Herget Please note: In order to forward the IIS logs you need MWAgent. Step 1 First, create a new RuleSet, in our sample we named it ForwardSyslog, and bind a ForwardSyslog action, or any other action you want to use for forwarding (e.g. SendEmail), to it. In our … Continue reading "Forwarding filtered IIS Logfiles"...

How to store custom properties of a log message in a database

How to store custom properties of a log message in a database Created 2006-03-27 by Timm Herget This step-by-step guide describes a scenario where WinSyslog receives syslog data from a Fortigate firewall, parses the messages via post processing action and writes the custom parsed properties into a database. Step 1 – Creating the Syslog Server … Continue reading "How to store custom properties of a log message in a database"...

How To setup a Failover Syslog Server

How To setup a Failover Syslog Server Article created 2006-02-01 by Timm Herget. You want to have an alternative syslog server for forwarding your e.g. PIX-syslog-messages, which automatically detects if the primary server is alive or not and, if not, takes over its role until it is back? Here we go: At first please make … Continue reading "How To setup a Failover Syslog Server"...

Interactive Logon/Logoff Filter

Interactive Logon/Logoff Filter Created 2005-10-05 by Timm Herget Please Note: This article is valid for EventReporter 8.x / MWAgent 4.x and lower and describes how to set the filters to get only interactive logons/logoffs. Click on your “Filter Conditions”. Here we have a little problem, because it depends on your operating system. If you work … Continue reading "Interactive Logon/Logoff Filter"...

How To setup EventLogMonitor Service

How To setup EventLogMonitor Service Article created 2003-02-24 by Rainer Gerhards. Last Updated 2011-05-25 by Tom Bergfeld. Please note: Starting with EventReporter 8.3 and MonitorWare Agent 4.3 two different event log monitor services are provided. They are called “Event Log Monitor” (V1) and “Event Log Monitor V2”. In short, the V2 version is recommended for … Continue reading "How To setup EventLogMonitor Service"...

Forwarding NT Event Logs to a Syslog Server

Step-By-Step Guides Article created 2003-04-30 by Rainer Gerhards. Last Updated 2005-08-16 by Timm Herget. Forwarding NT Event Logs to a Syslog Server In this scenario, an event log monitor is used to forward all events written to the NT Event Log to a syslog server. This can either be another instance of MonitorWare or any … Continue reading "Forwarding NT Event Logs to a Syslog Server"...

How To setup Windows centralized Monitoring

How To setup Windows centralized Monitoring Article created 2005-04-21 by Hamid Ali Raja Last Updated 2005-08-02 by Timm Herget Windows NT/2000/XP/2003 systems monitoring is really important for all small to large sized environments. The MonitorWare line of products helps to accomplish this important task. This article is to help you establish a small setup to monitor … Continue reading "How To setup Windows centralized Monitoring"...

Creating a simple Syslog Server

Step-By-Step Guides Article created 2005-05-17 by Hamid Ali Raja. Creating a simple Syslog Server In this scenario, a simple Syslog server will be created. No other services are configured. The Syslog server will operate as a standard Syslog server on the default port of 514/UDP. All incoming data will be written to a single text … Continue reading "Creating a simple Syslog Server"...

A complete step by step guide on setting up SETP action

How To setup an SETP Action Article created 2005-05-05 by Hamid Ali Raja. 1. Start the Application. 2. Select your language – in this example, I use English, so it might be a good idea to choose English even if that is not your preference. You can change it any time later, but using English … Continue reading "A complete step by step guide on setting up SETP action"...

How to setup MonitorWare Agent, WinSyslog and EventReporter?

How to setup MonitorWare Agent, WinSyslog and EventReporter? Article created 2004-02-27 by Tamsila-Q-Siddique. Article updated 2004-04-28 by Tamsila-Q-Siddique. Article updated 2005-05-04 by Hamid Ali Raja. WinSyslog and EventReporter are subsets of MonitorWare Agent. This means that there would be no difference in the set up creation. You need administrative privileges on each of the machines. This … Continue reading "How to setup MonitorWare Agent, WinSyslog and EventReporter?"...

A complete step by step guide on setting up SETP Server Service

How To setup SETP Server Service Article created 2005-04-04 by Hamid Ali Raja. 1. First, right click on “Services”, then select “Add Service” and the “SETP Server”. Once you have done so, a new wizard starts. 2. Again, you can use either the default name or any one you like. We will use “My SETP … Continue reading "A complete step by step guide on setting up SETP Server Service"...

How To setup Windows centralized Monitoring

How To setup Windows centralized Monitoring Article created 2005-04-05 by Hamid Ali Raja. Monitoring Windows NT/2000/XP/2003 is important even for small environments. This article is strictly task focused. It does not describe why the systems should be monitored nor does it provide any further background. Please see the respective backgrounders or product documentation on this. … Continue reading "How To setup Windows centralized Monitoring"...

How do I Update filters for MonitorWare Agent?

How do I Update filters for MonitorWare Agent? Article created 2005-04-04 by Hamid Ali Raja. 2. In order to update a filter it’s necessary that you have a previously saved configuration in which you had applied filters. Click here if you wish to learn “How to add filters for MonitorWare Agent?” Note: String comparison in Filter … Continue reading "How do I Update filters for MonitorWare Agent?"...

How do I Delete filters for MonitorWare Agent 3.0?

How do I Delete filters for MonitorWare Agent 3.0? Article created 2005-04-04 by Hamid Ali Raja. In order to update a filter it’s necessary that you have a previously saved configuration in which you had applied filters. Click here if you wish to learn “How to add filters for MonitorWare Agent?” Note: String comparison in … Continue reading "How do I Delete filters for MonitorWare Agent 3.0?"...

How do I Add filters for MonitorWare Agent?

How do I Add filters for MonitorWare Agent? Article created 2005-04-04 by Hamid Ali Raja. Once you go to start -> programs -> MonitorWare -> MonitorWare Client to run the program, you see a screen-shot similar to the one below: Facility Required Email alert Conditions Applicable Email Alert should be generated on events with ( … Continue reading "How do I Add filters for MonitorWare Agent?"...

How do I Add filters for MonitorWare Agent, WinSyslog and EventReporter?

How do I Add filters for MonitorWare Agent, WinSyslog and EventReporter? Article created 2004-07-15 by Tamsila-Q-Siddique. Article updated 2006-06-19 by Timm Herget. 1. You would at least need the Basic Edition of MonitorWare Agent / WinSyslog / EventReporter for this scenario. Please Note: We are using MonitorWare Agent in this guide whereas MonitorWare Agent is … Continue reading "How do I Add filters for MonitorWare Agent, WinSyslog and EventReporter?"...

How do I apply filters in MonitorWare Agent, WinSyslog and EventReporter?

How do I apply filters in MonitorWare Agent, WinSyslog and EventReporter? Article created 2004-07-12 by Tamsila-Q-Siddique. MonitorWare Agent, WinSyslog and EventReporter enable you to apply filters to achieve your desired results. This step-by-step guide will help you through creating these filters. You can: Add a filter Update a filter Delete a filter Please note: WinSyslog … Continue reading "How do I apply filters in MonitorWare Agent, WinSyslog and EventReporter?"...

Configuring Windows for the Event Log Monitor

Article created 2003-05-12 by Rainer Gerhards. Configuring Windows for the Event Log Monitor The event log monitor service pulls events from the Windows event logs. In Windows’ default setup, the information contained in the logs is sparse and far from sufficient for security monitoring. If you are solely interested in checking system health, the default … Continue reading "Configuring Windows for the Event Log Monitor"...

Creating a hardened log host

Step-By-Step Guides Article created 2003-05-12 by Rainer Gerhards. Creating a hardened log host A hardened log host is a system that is especially configured to prevent malicious users from modifying any log data stored inside it. A hardened log host is especially useful if tampering with log data is to be avoided. Setting up a … Continue reading "Creating a hardened log host"...

Reporting Log Truncation

Step-By-Step Guides Article created 2003-05-09 by Tamsila-Q-Siddique. Reporting Log Truncation This step-by-step guide was inspired by a customer question. The customer had a need to record all events seen in the event logs. But due to the overall setup, a lot of event log truncated messages occurred. These, too, should be forwarded, but only one … Continue reading "Reporting Log Truncation"...

Firewall setup for MonitorWare Agent

Step-By-Step Guides Article created 2003-05-09 by Rainer Gerhards. Firewall setup for MonitorWare Agent MonitorWare Agent can be used with standard firewalling. The product itself does not require any specific access privileges to network services like RPC or the like. The Windows networking support required is fully dependent on the needs of the network or security … Continue reading "Firewall setup for MonitorWare Agent"...

Intrusion Detection via the Windows Event Log

Step-By-Step Guides Article created 2003-05-09 by Rainer Gerhards. Intrusion Detection via the Windows Event Log The Windows event log provides multiple evidence of potential intrusions. We will discuss what to look for when checking the event log. We have used Windows 2000 Server while creating this text. There may be differences for other versions, so … Continue reading "Intrusion Detection via the Windows Event Log"...

Sample Syslog Device Configurations

Step-By-Step Guides Article created 2003-05-09 by Rainer Gerhards. Sample Syslog Device Configurations MonitorWare Agent can receive vital network status information from a variety of devices. As these devices are from many different vendors and have many different applications, it is impossible to provide detailed configuration information for all of them. We provide configuration information for … Continue reading "Sample Syslog Device Configurations"...

Creating a simple Syslog Server

Step-By-Step Guides Article created 2003-04-30 by Rainer Gerhards. Creating a simple Syslog Server In this scenario, a simple syslog server will be created. No other services are configured. The syslog server will operate as a standard syslog server on the default port of 514/UDP. All incoming data will be written to a single text file. … Continue reading "Creating a simple Syslog Server"...

A complete step by step guide on setting up EventLogMonitor Service

How To setup EventLogMonitor Service Article created 2003-02-24 by Rainer Gerhards. Last Updated 2005-08-16 by Timm Herget. Note: This guide was initially written for MW Agent, but the steps are the same in EventReporter. 1. First, right click on “Services”, then select “Add Service” and then “Event Log Monitor”: 2. Once you have done so, … Continue reading "A complete step by step guide on setting up EventLogMonitor Service"...

A complete step by step guide on setting up database logging action

How To setup Database Logging Action Article created 2003-02-24 by Rainer Gerhards. 1. Start the MonitorWare Agent 2. Again, you can select the language to use. And again, I suggest using English, as this makes the guide easier to follow. 3. Then define a new rule set, right click "Rules". A pop up menu will … Continue reading "A complete step by step guide on setting up database logging action"...