A complete description of common uses of the MonitorWare line of products – Relaying events

Common uses

Article created 2003-05-14 by Rainer Gerhards.

Relaying Events

In all but the easiest scenarios event data needs to be relayed between
different machines. Please note that relaying is also often referred to
as “forwarding” – both terms have the same meaning in the context
of this documentation.

A typical relay scenario might look as follows:

Here, devices send event data to servers configured for relaying. These
servers in turn forward the data to its final destination, the central
server.

Please note that the so-called “Relay Server” need not be limited to the
relay function. It can also perform any other MonitorWare agent function,
such as data gathering or real-time alerting. Also, the devices can of course
include Windows systems monitored by a MonitorWare Agent configured for data gathering. The idea behind the picture is to provide a quick sample; it is by no means complete.

Whenever messages are relayed, an important decision must be made: which protocol to use for relaying. Basically, either syslog or the SETP protocol can be used. This is an important choice, because the two protocols offer very different benefits:

syslog

  • supported by virtually all network devices (like routers, firewalls and the like)
  • standardized (but not necessarily all devices follow the standard)
  • THE universal network event notification protocol
  • UDP based; as such, event data might be lost in transit
  • limited to 1024 characters per event, which is definitely too short for Windows
    event log entries (larger messages can be processed by MonitorWare, but
    this results in a higher likelihood of packet loss)
  • the event source system typically cannot be tracked correctly when used inside a cascaded (multi-hop relay) system
  • event information for events that did not originate as syslog (e.g. Windows event log entries) is lost, as they cannot be transmitted in native format

SETP

  • Adiscon’s proprietary protocol for event notification
  • so far, supported by MonitorWare Agent exclusively
  • TCP based, so reliable delivery is possible
  • can be used with Windows IPsec
  • optimized for event data transmission
  • events are transmitted in native format and thus can be fully reconstructed at
    the receiving side
  • no event size limit
  • XML based

Given these advantages, Adiscon recommends using SETP whenever possible. This is the case whenever a MonitorWare Agent sends events to another MonitorWare Agent. When events from other devices, e.g. routers, are to be received, the syslog protocol must be used for these incoming events. If event data is to be sent to a non-MonitorWare Agent system (e.g. a management system on a Linux or UNIX host), syslog must also be used, as these other systems do not “speak” SETP.

MonitorWare Agent can process both of these protocols concurrently, so it is no problem to use SETP in a mixed environment. Again, we highly recommend using SETP whenever possible.
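As an added illustration (not part of the original article and not MonitorWare or Adiscon code), the following Python code makes the syslog points above concrete: it encodes an event in RFC 3164 form, checks it against the 1024-byte datagram limit, shows what truncation does to a Windows-sized message, and simulates a relay hop that stamps the event with its own hostname so the origin disappears from the header. Hostnames, tags, the message text and the relay's rewriting behaviour are constructed assumptions for the example; the article only states that the origin is typically lost in a cascade.

```python
# Added example (not MonitorWare or Adiscon code): makes the syslog limitations
# listed above concrete. Hostnames, tags and message text are constructed.
from datetime import datetime

# RFC 3164 caps a syslog datagram at 1024 bytes, the limit quoted above.
SYSLOG_MAX_BYTES = 1024


def build_syslog_packet(facility: int, severity: int, hostname: str,
                        tag: str, msg: str, when: datetime) -> bytes:
    """Encode one event as an RFC 3164-style datagram: <PRI>TIMESTAMP HOST TAG: MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    pri = facility * 8 + severity
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day.
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{ts} {hostname} {tag}: {msg}".encode("utf-8")


def parse_syslog_packet(packet: bytes) -> dict:
    """Split a datagram back into its fields; this is all a receiver gets."""
    text = packet.decode("utf-8", errors="replace")
    if not text.startswith("<") or ">" not in text:
        raise ValueError("missing <PRI> header")
    end = text.index(">")
    pri = int(text[1:end])
    rest = text[end + 1:]
    timestamp, rest = rest[:15], rest[16:]          # fixed-width timestamp
    hostname, rest = rest.split(" ", 1)
    tag, _, msg = rest.partition(": ")
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": timestamp,
            "hostname": hostname, "tag": tag, "msg": msg}


def oversize_bytes(packet: bytes) -> int:
    """How many bytes exceed the 1024-byte datagram limit (0 if it fits)."""
    return max(0, len(packet) - SYSLOG_MAX_BYTES)


def truncate_to_limit(packet: bytes) -> bytes:
    """What a strictly RFC 3164 receiver keeps of an oversized datagram."""
    return packet[:SYSLOG_MAX_BYTES]


def relay_via_syslog(packet: bytes, relay_hostname: str) -> bytes:
    """Simulate a relay hop that re-emits the event under its own hostname.

    Assumed behaviour for illustration only: the article says the origin is
    typically lost in a cascade, not how a given relay rewrites the header.
    """
    f = parse_syslog_packet(packet)
    pri = f["facility"] * 8 + f["severity"]
    line = f"<{pri}>{f['timestamp']} {relay_hostname} {f['tag']}: {f['msg']}"
    return line.encode("utf-8")


def windows_event_sample() -> str:
    """Constructed stand-in for a verbose Windows event log entry (> 1024 bytes)."""
    fields = " ".join(f"Field{i}=constructed-value-{i}" for i in range(60))
    return "Security log entry (constructed sample): " + fields


def demo() -> dict:
    """Run the three checks on a constructed Windows-sized event."""
    when = datetime(2003, 5, 14, 9, 5, 7)      # sample time only
    origin = build_syslog_packet(13, 6, "WINSRV01", "MWAgent",
                                 windows_event_sample(), when)
    relayed = relay_via_syslog(origin, "RELAY01")
    after_cut = parse_syslog_packet(truncate_to_limit(origin))["msg"]
    return {
        "oversize_bytes": oversize_bytes(origin),
        "message_survives_truncation": after_cut == windows_event_sample(),
        "origin_host_after_relay": parse_syslog_packet(relayed)["hostname"],
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two costs the bullets describe: a Windows event log entry overshoots the datagram limit by several hundred bytes and loses its tail when truncated, and after one relay hop the receiver's hostname field names the relay, so the original machine can only be recovered from the message body (if the agent put it there) or not at all. A TCP transport with native event encoding, which is what the SETP bullets describe, avoids both problems.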

Configurations for Forwarding the Events

Created 2003-04-04 by Wajih-ur-Rehman.

I have MonitorWare Agents running on various Windows machines/servers. I want to forward all the Windows Event Log messages to the central MonitorWare Agent. What configurations should I make?

For all the Windows machines that forward data to the central server, the MonitorWare Agents running on them should be configured as follows:

  1. Right click on “Services” node and add “Event Log Monitor Service”. A new node will be added under the Services node. Click on this newly added node and change the settings according to your requirements.
  2. When you install MonitorWare Agent, it creates one RuleSet automatically. Right click on it, go to Rules and add a new Rule. You will see a new Rule under the Rule Set.
  3. When you expand this newly created Rule, you will see two nodes under it. One is “Filter Condition” (by default, “No Filter” is selected.) and the other is “Actions”.
  4. Right click on Actions, and add the “Send SETP” action. (You can also send via syslog, but SETP is recommended.)
  5. You will see a new node under the newly created node. Click on it and set the settings. Note that if you are interested in sending only specific events to the central server, you can define a Filter Condition as well. With the current settings (no filter) all events will be sent to the central server.
  6. Go back to the Service that you created in Step 1 and make sure that the RuleSet under which you have defined your own Rule in Step 2 is attached to this service. In other words, if you go to the properties of the Event Log Monitor Service that you created in Step 1, you will see a combo box at the bottom, “Rule Set to use”. Make sure that the Rule Set under which you have defined your own rule in Step 2 is selected there.
