How To Monitor Windows machines and Syslog devices?

How To Monitor Windows machines and Syslog devices?

Article created 2007-06-15 by Florian Riedl
Article updated 2011-06-15 by Tom Bergfeld

Info:
Please note that this article was written for older versions of MonitorWare products. But of course you can also use this guide for the current versions. In newer versions you maybe will find some additional settings, but the basic settings will be the same.

This Article describes how you can monitor the EventLog of your Windows hosts and your syslog devices at the same time. All log data will be stored in a central database for further processing. The description below shows you how to setup your central log server and how to setup your Windows hosts.
What do we need for this article?

  • One MonitorWare Agent – edition depending on number of remote hosts.
  • EventReporter Professional for sending EventLog data via SETP – number depending on Windows hosts to monitor.
  • Syslog sending devices – configured and running.
  • A SQL or Jet database – configured ODBC datasource on the central host.
  • Step 1:

    The first step is, to setup the central agent. This machine will get MonitorWare Agent installed. It will be the one which receives the syslog messages from your routers, switches, firewalls or unix hosts. And it will receive all EventLog data from your windows hosts via SETP.
    Please Note: For this example you need a ODBC datasource configured for a SQL database of your choice on this machine.

    Download MonitorWare Agent configuration file.

    Step 2:

    The second step is to setup the Windows machines, which should send all EventLog data to your central server. On these machines you install EventReporter. It will read the EventLog and forward all Windows Events to your central server via SETP.

    Download EventReporter configuration file.

    Step 3:

    In the third step you need to setup your syslog sending devices correctly. These devices can be routers, switches, firewalls or unix hosts. You need to configure the device so log messages are sent via syslog to your central host. Because of the variety of devices, we cannot give any specific guides for the setup. If there comes anything up, please ask your local administrator or the vendor of the device.
    Please Note: Adiscon dissociates itself from any issues that result in wrong confguration of these devices.

    Step 4:

    You are done! Your setup is complete. And everything works correctly, then your database should fill itself with your log data.

    Now that a basic setup has been created you could go on go on and bring in more detail. Creating reports with the stored data, automatic e-mails for your administrators or filtered log data are only a few of the many possibilities. You could combine Ping or Port Probes and the send e-mail action for alerting if a machine or a service fails or apply detailed filters before sending the log data to your central host.