How To Monitor Windows machines and Syslog devices?
Article created 2007-06-15 by Florian Riedl
Article updated 2011-06-15 by Tom Bergfeld
Info:
Please note that this article was written for older versions of MonitorWare products, but you can also use this guide for the current versions. In newer versions you may find some additional settings, but the basic settings will be the same.
This article describes how you can monitor the EventLog of your Windows hosts and your syslog devices at the same time. All log data will be stored in a central database for further processing. The description below shows you how to set up your central log server and how to set up your Windows hosts.
What do we need for this article?
Step 1: The first step is to set up the central agent. This machine will get MonitorWare Agent installed. It will be the one that receives the syslog messages from your routers, switches, firewalls or Unix hosts. It will also receive all EventLog data from your Windows hosts via SETP.
Download MonitorWare Agent configuration file.
Step 2: The second step is to set up the Windows machines that should send all EventLog data to your central server. On these machines you install EventReporter. It will read the EventLog and forward all Windows Events to your central server via SETP.
Download EventReporter configuration file.
Step 3: In the third step you need to set up your syslog sending devices correctly. These devices can be routers, switches, firewalls or Unix hosts. You need to configure each device so that log messages are sent via syslog to your central host. Because of the variety of devices, we cannot give any specific guides for the setup. If anything comes up, please ask your local administrator or the vendor of the device.
Step 4: You are done! Your setup is complete. If everything works correctly, your database should fill itself with your log data.
Now that a basic setup has been created, you could go on and bring in more detail. Creating reports with the stored data, automatic e-mails for your administrators or filtered log data are only a few of the many possibilities. You could combine Ping or Port Probes with the send e-mail action to alert if a machine or a service fails, or apply detailed filters before sending the log data to your central host.
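To check the syslog path from Steps 3 and 4 before touching any device, the following added example (not part of the original article or of MonitorWare) sends one RFC 3164 test message that you can then look for in the central database. It assumes the central syslog listener uses the standard UDP port 514; the address 192.0.2.10, the host name and the tag are placeholders.

```python
import socket
from datetime import datetime

FACILITY_LOCAL0 = 16   # RFC 3164 facility "local0"
SEVERITY_NOTICE = 5    # RFC 3164 severity "notice"
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def build_syslog(facility, severity, hostname, tag, text, when=None):
    """Return one RFC 3164 (BSD syslog) datagram as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now()
    pri = facility * 8 + severity          # PRI = facility * 8 + severity
    # Timestamp is "Mmm dd hh:mm:ss" with the day padded by a space.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    line = f"<{pri}>{stamp} {hostname} {tag}: {text}"
    return line.encode("ascii", "replace")[:1024]   # RFC 3164 size limit


def parse_pri(datagram):
    """Decode the leading <PRI> into (facility, severity)."""
    end = datagram.find(b">")
    if not datagram.startswith(b"<") or not 2 <= end <= 4:
        raise ValueError("datagram has no valid <PRI> header")
    return divmod(int(datagram[1:end]), 8)


def send_test(server, datagram, port=514):
    """Send the datagram over UDP; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(datagram, (server, port))


if __name__ == "__main__":
    CENTRAL_HOST = "192.0.2.10"   # placeholder: your central log server
    marker = f"path test {datetime.now():%Y%m%d-%H%M%S}"
    msg = build_syslog(FACILITY_LOCAL0, SEVERITY_NOTICE,
                       "testhost", "pathcheck", marker)
    sent = send_test(CENTRAL_HOST, msg)
    print(f"sent {sent} bytes, facility/severity {parse_pri(msg)}")
    print(f"search the central database for: {marker}")
```

UDP gives no delivery confirmation, so a successful send only means the packet left the machine; the marker appearing in the database is the actual proof that the path works.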